CONTENTS


Dear Readers!

I am happy to introduce you to the August issue.
This time we will be mentioning Windows, Ubuntu
in our magazine, but surely it will be more than
connected to BSD.
Read it and let us know if it was useful and
interesting.

We also have modified and have another survey for
you, please find some time to fill it in:

At the moment we are planning to open Russian
version of BSD Magazine in September.
The magazine will be also free online publication.
And we are looking for authors, betatesters and
proofreaders with Russian as native language.
Please contact olga.kartseva@bsdmag.org in case
you want to contribute or have an idea where we
should announce this news.
Please spread the word about it on your blogs,
forums, websites!

Thank you!

Olga Kartseva
Editor in Chief
olga.kartseva@software.com.pl


Editor in Chief:
Olga Kartseva

Contributing:
Rob Somerville, Daniele Mazzocchio, Rashid N. Achilov, Joseba
Mendez, Laura Michaels

Special thanks to:
Marko Milenovic, Worth Bishop and Mike Bybee

Ireneusz Pogroszewski

Senior Consultant/Publisher:
Paweł Marciniak pawel@software.com.pl

Marketing Director:
Ewa Łozowicka
ewa.lozowicka@software.com.pl

karolina.lesinska@bsdmag.org

Advertising Sales:
Olga Kartseva
olga.kartseva@software.com.pl

Publisher:
Software Press Sp. z o.o. SK
ul. Bokserska 1, 02-682 Warszawa
Poland
worldwide publishing
tel: 1917 338 36 31
www.bsdmag.org


Software Press Sp. z o.o. SK is looking for partners from all over
the world. If you are interested in cooperation with us, please
contact us via e-mail: editors@bsdmag.org


All trade marks presented in the magazine were used only for
informative purposes. All rights to trade marks presented in the
magazine are reserved by the companies which own them.


The editors use automatic DTP system AUWRPUS


Mathematical formulas created by Design Science MathType™.


BSD 08/2010


GET STARTED 


Introduction to MidnightBSD
Lucas Holt, Caryn Holt
MidnightBSD was founded in 2006 by Lucas Holt.
The project is a FreeBSD 6.0 fork with an emphasis on
creating a desktop focused BSD.
While there are other BSD desktop projects (most notably
PC-BSD and DesktopBSD), we wanted to create an entire
desktop centered BSD from the kernel all the way up to the
standard applications. We want a BSD that a grandmother
could install and use.


HOW TO’S


The FreeBSD Ubuntu challenge
Rob Somerville
FreeBSD makes a great server, but can it rise to the challenge
of running Compiz as a workstation?
One of the many criticisms of Open Source software (indeed
even FreeBSD) is that it is not ready for the desktop.


Network monitoring with Nagios and OpenBSD (PART 1)
Daniele Mazzocchio
So our OpenBSD-based network now includes redundant
firewalls, domain name servers, a mail gateway and a web
proxy cache. (Read previous issues of BSD Magazine.) All the
services provided by these machines are particularly critical and
can't afford even minimal downtime.
Redundancy may give us the time to recover a failure before
having angry users trying to knock down our door, but it doesn't
free us from the responsibility to detect and solve ongoing
problems.


Replacing Microsoft Exchange Server
Rashid N. Achilov
Installing set of open-source programs without lack of
functionality instead of Microsoft Exchange Server. This way
Groupware-part will be replaced on Horde Groupware.


Maintenance Systems over BSD
Joseba Mendez
I was talking in previous articles about how to run applications
widely used in the Industry that can be supported by BSD apart
of classical IT services.
As clear example of this is SAP Suite. SAP covers all possible
asset management to control the cost related to production
and also maintenance but as per tighted cost in investments
today, the Plants must run 24/7 with maximum reliability and
productivity possible.


Low Resource PCs with FreeBSD
Laura Michaels
FreeBSD is my pick for best modern operating system to use on
older PCs. I can’t believe how many used PCs end up as landfill
while students, educators, low income families and others go
without a computer at all.


Making the Unknown Giant Visible and Known
Joshua Ebarvia
FreeBSD has the moniker Unknown Giant. I confirm that it is
true in my place. I have asked system administrators, computer
enthusiasts, and hobbyists about FreeBSD and they didn’t even
know what I’m talking about.


GET STARTED


An Introduction to MidnightBSD


While there are other BSD desktop projects (most
notably PC-BSD and DesktopBSD), we wanted to
create an entire desktop centered BSD from the
kernel all the way up to the standard applications.
We want a BSD that a grandmother could install and use.


What you will learn...
• what MidnightBSD is: installation, booting, mports


MidnightBSD History 

MidnightBSD was founded in 2006 by Lucas Holt. The 
project is a FreeBSD 6.0 fork with an emphasis on 
creating a desktop focused BSD. 

While there are other BSD desktop projects (most 
notably PC-BSD and DesktopBSD), we wanted to create 
an entire desktop centered BSD from the kernel all the 
way up to the standard applications. We want a BSD that 
a grandmother could install and use. 

The current development focus is on creating a solid 
foundation. We are working on further developing the 
mports system, creating a new package management 
system, improving the MidnightBSD build cluster and 
implementing an easy-to-use installer.


Welcome to MidnightBSD!

1. Boot [default]
2. Boot with ACPI enabled
3. Boot in Safe Mode
4. Boot in single user mode
5. Boot with verbose logging
6. Escape to loader prompt
7. Reboot

Select option, [Enter] for default
or [Space] to pause timer 6


Figure 1. A selection screen


What you should know...
• how to use a computer


System Requirements 

A computer with an Intel Pentium or equivalent CPU and 
64MB RAM is required to install MidnightBSD. For optimal 
desktop use, we recommend at least 256MB of RAM and 
a 686 class CPU. 


Getting MidnightBSD 

MidnightBSD is available for i386 and amd64 architectures.
The latest release is 0.2.1 with 0.3 under active development.
Developer snapshots are available for version 0.3 on i386 
and amd64; those familiar with BSD development or who 
like to experiment with newer technologies may wish to try 
the developer snapshots. Most users will have a better 
experience with 0.2.1-RELEASE. 


MidnightBSD/i386 0.2-RELEASE sysinstall Main Menu

Welcome to the MidnightBSD installation and configuration tool. Please
select one of the options below by using the arrow keys or typing the
first character of the option name you’re interested in. Invoke an
option with [SPACE] or [ENTER]. To exit, use [TAB] to move to Exit.

Quick start - How to use this menu system
Begin a quick installation (for experts)
Begin a custom installation (for experts)
Do post-install configuration of MidnightBSD
Copyright, Shortcut, etc.
Keymap: Select keyboard type
Options: View/Set various installation options
Repair mode with CDROM/DVD/floppy or start shell
Upgrade: Upgrade an existing system
Load default install configuration
Index: Glossary of functions

Select    X Exit Install

[ Press F1 for Installation Guide ]


Figure 2. The sysinstall installation program


ISO images may be obtained from
http://www.midnightbsd.org/download/. If one wishes to
use a graphical desktop environment such as KDE
or WindowMaker & GNUstep, download three files:
0.2.1-RELEASE-i386-disc1.iso, 0.2.1-RELEASE-i386-disc2.iso,
and 0.2.1-RELEASE-i386-disc3.iso. Disks two
and three contain packages and are not needed for
a basic installation. Burn these files to CDs using your
favorite program.


Trying MidnightBSD 

A live CD is available on the project wiki at
http://www.midnightbsd.org/wiki/livecd. Using a live CD can
help you determine if you wish to install MidnightBSD on
your computer as well as test for hardware compatibility.


Installing MidnightBSD 

Place the MidnightBSD disc1 CD into your computer and
start the system. You will be presented with a selection
screen similar to the one shown in Figure 1.

You may wait or press Enter. If you have an older
system and experience difficulties booting MidnightBSD,
try option 3, Boot in Safe Mode. After a few moments, you
will be presented with the sysinstall installation program
(see Figure 2).


In the next menu, you will need to set up a DOS-style ("fdisk") partitioning
scheme for your hard disk. If you simply wish to devote all disk space
to MidnightBSD (overwriting anything else that might be on the disk(s) selected)
then use the (A)ll command to select the default partitioning scheme followed
by a (Q)uit. If you wish to allocate only free space to MidnightBSD, move to a
partition marked “unused” and use the (C)reate command.

[ OK ]


Figure 3. Choose OK to continue to fdisk


FDISK

Disk name:
DISK Geometry: 6241 cyls/16 heads/63 sectors = 6290928 sectors (3071MB)

Offset  Size(ST)  End  Name  PType  Desc  Subtype  Flags

unused

The following commands are supported (in upper or lower case):

A = Use Entire Disk   G = set Drive Geometry   C = Create Slice   F = ‘DD’ mode
D = Delete Slice      Z = Toggle Size Units    S = Set Bootable   | = Wizard m.
T = Change Type       U = Undo All Changes     Q = Finish

Use F1 or ? to get more help, arrow keys to select.


Figure 4. This will allocate your entire hard disk to MidnightBSD


Select Standard from the
menu by pressing down and then press Enter on your
keyboard. You will then be presented with an informational
box explaining the fdisk process. Choose OK to continue
to fdisk (see Figure 3). For this article, it is assumed that
you wish to install MidnightBSD as the only operating
system on your computer or virtual machine. Installing
MidnightBSD along with another system requires free
disk space for MidnightBSD to use on the hard drive
and a boot manager. A simple boot manager is included
with MidnightBSD, but we recommend using a third party
manager called GAG as it is compatible with Windows 7.

To set up your hard disk in fdisk, select A for Use Entire
Disk, arrow down to the newly created freebsd type, press
S for Set Bootable and Q for Finish. This will allocate your
entire hard disk to MidnightBSD (see Figure 4).

Next, you will select the boot manager. If you will be
using MidnightBSD on the entire drive or with GAG, arrow
down and select Standard. When sharing the drive with
Windows XP or another OS, use BootMgr (see Figure 5).

Another informational message will pop up. Select OK
and continue to the DiskLabel Editor. Most users will be
able to use the defaults. Select A for Auto Defaults and
then Q to Finish (see Figure 6).


Install Boot Manager for drive ad0?

MidnightBSD comes with a boot selector that allows you to easily
select between MidnightBSD and any other operating systems on your machine
at boot time. If you have more than one drive and want to boot
from the second one, the boot selector will also make it possible
to do so (limitations in the PC BIOS usually prevent this otherwise).
If you do not want a boot selector, or wish to replace an existing
one, select “standard”. If you would prefer your Master Boot
Record to remain untouched then select “None”.

NOTE: PC-DOS users will almost certainly require “None”!

BootMgr    Install the Boot Manager
Standard   Install a standard MBR (no boot manager)
None       Leave the Master Boot Record untouched

[ OK ]   Cancel
[ Press F1 to read about drive setup ]


Figure 5. When sharing the drive with Windows XP or another OS, use
BootMgr


MidnightBSD Disklabel Editor

Size     Newfs
281MB    UFS2
76MB     SWAP
217MB    UFS2+S Y
166MB    UFS2+S Y
2331MB   UFS2+S Y

The following commands are valid here (upper or lower case):
C = Create        D = Delete   M = Mount pt.
N = Newfs Opts    Q = Finish   S = Toggle SoftUpdates   Z = Custom Newfs
T = Toggle Newfs  U = Undo     A = Auto Defaults        R = Delete+Merge

Use F1 or ? to get more help, arrow keys to select.


Figure 6. Select A for Auto Defaults and then Q to Finish


You will be presented with the Choose Distributions
screen. Select All, which includes source code needed by
some mports to compile kernel modules. With a developer
snapshot, select Exit here (see Figure 7).

You will see a new screen asking about the MidnightBSD
Ports Collection. Choose YES so that you may choose
from over 2,000 additional ported applications (see
Figure 8).

Select Exit on the screen to continue the install. Next,
you will select the CD-ROM method of installation. It is
also possible to install over FTP, which is useful when you
have difficulty with CD-ROM detection; FTP install works
around bugs with Microsoft Virtual PC 7 for Mac OS, for
example (see Figure 9).

Finally, you will be presented with a screen asking you
if you want to continue. Choose YES to begin installation.
This process may take a few minutes to over an hour
to copy the core system files over depending on the
computer and selected packages. Your hard disk will
be partitioned and formatted during this process. If you
choose NO, you will abort changes to your system. You
will be asked to swap CDs during this process several
times (see Figure 10).

MidnightBSD core files have been installed.


As a convenience, we provide several “canned” distribution sets.
These select what we consider to be the most reasonable defaults for the
type of system in question. If you would prefer to pick and choose the
list of distributions yourself, simply select “Custom”. You can also
pick a canned distribution set and then fine-tune it with the Custom item.

Choose an item by pressing [SPACE] or [ENTER]. When finished, choose the
Exit item or move to the OK button with [TAB].

Exit this menu (returning to previous)
All system sources, binaries and X Window System
Reset selected distribution list to nothing
Full sources, binaries and doc but no games
Same as above + X Window System
Full binaries and doc, kernel sources only
Same as above + X Window System
Average user - binaries and doc only

Cancel


Figure 7. With a developer snapshot, select Exit here


Would you like to install the MidnightBSD ports collection?

This will give you ready access to over 2,000 ported software packages,
at a cost of around 100MB of disk space when “clean” and possibly
much more than that when a lot of the distribution tarballs are loaded
(unless you have the extra discs available from a MidnightBSD CD/DVD distribution
and can mount them on /cdrom, in which case this is far less of a problem).

The ports collection is a very valuable resource and well worth having
on your /usr partition, so it is advisable to say Yes to this option.

For more information on the ports collection & the latest ports, visit:
http://www.midnightbsd.org/mports

Yes


Figure 8. A new screen asking about the MidnightBSD Ports
Collection


Now you will be asked for several system configuration
options and given the option to install additional software
(see Figure 11).

You will be given the option to set up ethernet. Select
YES and continue into the ethernet configuration screen.
You will see at least two options: sl0 and ppp0. Any
additional options will be network interfaces such as em0,
fxp0, re0, rl0, and so on. For those unfamiliar with BSD,
drivers for network cards tend to be named differently
rather than a convention like eth0 used in Mac OS X and
Linux (see Figure 12).

Most users will want to skip IPv6 configuration as home
networks tend to be IPv4. It is possible to set up an IPv6
tunnel in MidnightBSD using a service such as sixxs.net.
It is recommended that you select DHCP configuration
as home routers tend to provide this feature. Your
network cable should be plugged in before trying DHCP
configuration.

Type in a host name and make any necessary changes.
Then select OK (see Figure 13).

At this point, you will be asked a few more questions
such as: Do you want this machine to function as a network
gateway? Select no. Do you want to configure inetd and
the network services it provides? Select no. Would you
like to enable SSH login? I often enable this feature, but
it depends on your requirements. Enabling SSH will allow
others to try to log in to your system while on the Internet.
It is not recommended that you run an anonymous
FTP server or NFS related services. Select no to those
questions. You may also select no on the system console
settings unless you need to change your localization or
keyboard setup.


MidnightBSD can be installed from a variety of different installation
media, ranging from floppies to an Internet FTP server. If you’re
installing MidnightBSD from a supported CD/DVD drive then this is generally
the best media to use if you have no overriding reason for using other
media.

Install from a MidnightBSD CD/DVD
Install from an FTP server
Install from an FTP server through a firewall
Install from an FTP server through a http proxy
Install from a DOS partition
Install over NFS
Install from an existing filesystem
Install from a floppy disk set
Install from SCSI or QIC tape
Go to the Options screen

Cancel


Figure 9. FTP install works around bugs with Microsoft Virtual PC 7
for Mac OS


Last Chance! Are you SURE you want continue the installation?

If you’re running this on a disk with data you wish to save
then WE STRONGLY ENCOURAGE YOU TO MAKE PROPER BACKUPS before
proceeding!

We can take no responsibility for lost disk contents!

[ Yes ]   No


Figure 10. You will be asked to swap CDs during this process several
times

Be sure to select the time zone. Most desktop PCs are
not set to UTC time. In my case, I select North America,
United States, and Eastern Time - Michigan.

It is recommended that you enable Linux binary
compatibility. It will allow you to run older Linux
applications such as Mozilla Firefox and Adobe Flash.
You may also install games such as Enemy Territory. In
MidnightBSD 0.2.1, we have support for Linux 2.4 kernel
libraries and use Fedora Core 4. The development
version of MidnightBSD supports Linux 2.6 emulation.

Most older systems have a PS/2 mouse, so select yes
to this question if you have a mouse. You will be given an
opportunity to test the mouse. Once you feel comfortable
with the settings, select exit to continue on to the package
selection screen.

The package selection screen allows you to browse
packages included on disk one, two and three. If you
downloaded all three CDs, you can select various
software packages such as KDE. You may also skip
this step if you did not download the CDs or prefer to
fetch the packages over the Internet. The first time the
system boots up, a shell script is run that allows you to
configure your graphical login settings. This will also fetch
software packages from the MidnightBSD FTP server as
necessary. Prepare to switch between CDs several times
if you select a large number of software packages.


Congratulations! You now have MidnightBSD installed on your system.
We will now move on to the final configuration questions.
For any option you do not wish to configure, simply select
No.

If you wish to re-enter this utility after the system is up, you
may do so by typing: /usr/sbin/sysinstall.

[ OK ]


Figure 11. For several system configuration options and the option to
install additional software


If you are using PPP over a serial device, as opposed to a direct
ethernet connection, then you may first need to dial your Internet
Service Provider using the ppp utility we provide for that purpose.
If you’re using SLIP over a serial device then the expectation is
that you have a HARDWIRED connection.

You can also install over a parallel port using a special “laplink”
cable to another machine running MidnightBSD.

em0    Intel(R) PRO/1000 ethernet card
sl0    SLIP interface on device /dev/cuad0 (COM1)
ppp0   PPP interface on device /dev/cuad0 (COM1)

[ OK ]   Cancel


Figure 12. Network cards names

Next you will be presented with an initial user account
screen. Create user accounts for each person who will use
the system. This version of MidnightBSD relies on the root
account at first, but you may set up sudo later. Remember
to add the user to the wheel group if you want them to
be able to use su or sudo. I recommend a different shell
such as /bin/tcsh or /bin/mksh for most users. After the user
creation step, you will need to type in a root password.

Finally, you will be asked if there are any remaining 
configuration changes. Select no and you will end up at 
the original sysinstall screen. Select Exit Install and be 
sure to remove the CD from the optical drive. 


First Boot 

The system will reboot into MidnightBSD and proceed to 
run the firstboot script. It will ask a few questions. You can 
choose to report your install using bsdstats. This will let us 
know how many people are using MidnightBSD. 

Next, you will be asked if you wish to install
a graphical environment. Type yes to install GNUstep
and WindowMaker. KDE 3.5 is available on the CD as
packages.

If you make any mistakes during the first boot script,
you may delete the file /etc/fbreceipt and run
/etc/rc.d/firstboot start.

You may temporarily disable the firewall to help with
FTP issues behind NAT by using the command ipfw
disable firewall.


Network Configuration

Host: demo.midnightbsd.org
Domain: midnightbsd.org
IPv4 Gateway: 10.0.2.2
Name server: 208.67.222.222

Configuration for Interface em0
IPv4 Address: 10.0.2.15
Netmask: 255.255.255.0
Extra options to ifconfig (usually empty):


Other Considerations

MidnightBSD includes a script to automatically detect
and load sound drivers on system startup. Occasionally,
it does not work for a particular sound card. Try running
kldload sound as root to test your sound card. You
can make adjustments to the firewall rules in
/etc/rc.firewall.

Documentation for the system is available on
http://www.midnightbsd.org/ and
http://www.midnightbsd.org/wiki/. Help is available on IRC
(irc.freenode.net #midnightbsd) and our mailing lists.

Install software by using the pkg_add tool as follows:
pkg_add -r program name to fetch it from the FTP server.



Mports 

MidnightBSD includes a ports system called mports. An 
older snapshot of mports is included in MidnightBSD 
0.2.1 and directions for getting a newer copy are 
available on the wiki using cvs or cvsup. mports differ 
from FreeBSD ports in several ways including the fake 
system which allows us to install into a temporary 
directory and then create a package. Every time you 
install a port, it is from a package. It allows us to find 
bugs in package generation and makes it easier for 
users to distribute packages. In the future, the pkg_add
tool will be replaced by a sophisticated package
management system called mport which is similar in 
functionality to tools found in the Linux community like 
yum and apt-get. Mport tools are available for testing 
on MidnightBSD 0.3 and rely on sqlite 3 databases for 
meta data. 


LUCAS HOLT
Lucas Holt is a software engineer at PRIME Research, working
on large scale data collection and processing applications.
He’s worked with BSD since 2000, starting on NetBSD with a Sun
SparcStation IPC.


CARYN HOLT
Caryn Holt is a software engineer at Rovi Corporation. She is
currently working on graphical versions of the mport tools for the
MidnightBSD project.


The FreeBSD Ubuntu challenge


FreeBSD makes a great server, but can it rise to the 
challenge of running Compiz as a workstation? 


What you will learn... 

« insallation of Compiz 

« installation of OpenOffice 

« Installation the 3D accelerated video driver 


What you should know... 
¢ have an idea of Ubuntu and FreeBSD OS 


One of the many criticisms of Open Source software (indeed even FreeBSD) is that it is not ready for the desktop. While this is a reasonable argument when it comes down to cross-platform compatibility with Microsoft applications using Wine, one of the misconceptions with the BSD platform (with the exception of PC-BSD) is that it is more geared towards the server farm out of the box than a fully functional desktop with GUI. This how-to aims to dispel this myth, and it will demonstrate how to get a fully functioning basic desktop with OpenOffice (Office Suite), Firefox (Browser), Gimp (Graphics editor tool) as well as the eye-catching 3D windowing effects of Compiz.

Figure 1. Standard FreeBSD installation


System requirements 

An essential requirement for Compiz is a graphics card that will support 3D-accelerated graphics. Unfortunately, this limits the choice of graphics card, as some vendors will not release the source code or provide a driver for the *BSD or other Open Source platforms. I will be using the Nvidia driver and the Gnome desktop (the default Ubuntu desktop), as Compiz integrates very well with Gnome, and I will use FreeBSD 8.0 as the basis for the install. Depending on the time available to you, you may prefer to compile the very latest source code from scratch by using the ports collection. I have tried to avoid this where possible by using packages as the installation method to speed up the install.

Figure 2. Installation packages: Gnome and all its derivatives

Figure 3. Installation of Xorg 7.4.2


Installation 


Part 1 - O/S install 

Proceed as normal with a standard FreeBSD installation, and install all system sources and binaries, as well as ports (see Figure 1). Additionally, you will need to install the following packages: Gnome and all its derivatives (e.g. GDM, see Figure 2), Xorg 7.4.2 (Figure 3), and xorg-server (Figure 4). Network configuration can proceed to suit your environment; I have used DHCP, but access to the internet from the target machine will be required later. When prompted to test and configure the mouse daemon, say yes to this.


Part 2 - Preparing for Xorg and the Nvidia driver 
Add the following lines to /etc/rc.conf to provide Linux
support and allow Xorg to pick up the mouse:


linux_enable="YES"
dbus_enable="YES"
hald_enable="YES"


Generate a generic xorg.conf file so that we can add the 
driver and various customisations later: 


Xorg -configure 


mv /root/xorg.conf.new /etc/X11/xorg.conf 


Reboot to ensure Linux compatibility etc. is running prior 
to compiling the Nvidia driver. 


Part 3 - Installing the 3D accelerated video driver 
Log in to a terminal as root, and compile and install the Nvidia driver, ensuring that FreeBSD AGP support is disabled (see Figure 5):

cd /usr/ports/x11/nvidia-driver
make install clean

We can now add the following line to /boot/loader.conf to load the Nvidia driver at start-up:

nvidia_load="YES"

As the Nvidia driver already has AGP support built in, we will need to remind the kernel not to load AGP support. Add this line to /boot/device.hints:

hint.agp.0.disabled="1"

Edit the /etc/X11/xorg.conf you generated earlier, and add the following entries to the Module section:

Load "extmod"
Load "glx"

Add the following to the Screen section under Monitor:

DefaultDepth 24
Option "AddARGBGLXVisuals" "True"

In the Device section, amend the Driver line to read:

Driver "nvidia"

At the end of the file add:

Section "Extensions"
Option "Composite" "Enable"
EndSection

Figure 4. Installation of Xorg-server

Figure 5. Installing the 3D accelerated video driver (port options dialog for nvidia-driver 195.36.15)
Figure 6. Installing Compiz 1


Part 4 - Installing Compiz 
Install Compiz from the packages:

pkg_add -r compiz-fusion

As root run the following:

gdm

You should be greeted with the GDM login screen. Log in as a standard user, and configure Compiz by running CCSM in a terminal window:

ccsm

Ensure that the effects are enabled as shown in Figure 6 and Figure 7. Create a shell script in your home directory called compiz-startup.sh with the following content:


Figure 7. Installing Compiz 2
Listing 1. Sample xorg.conf

Section "ServerLayout"
    Identifier     "X.org Configured"
    Screen      0  "Screen0" 0 0
    InputDevice    "Mouse0" "CorePointer"
    InputDevice    "Keyboard0" "CoreKeyboard"
EndSection

Section "Files"
    ModulePath   "/usr/local/lib/xorg/modules"
    FontPath     "/usr/local/lib/X11/fonts/misc/"
    FontPath     "/usr/local/lib/X11/fonts/TTF/"
    FontPath     "/usr/local/lib/X11/fonts/OTF"
    FontPath     "/usr/local/lib/X11/fonts/Type1/"
    FontPath     "/usr/local/lib/X11/fonts/100dpi/"
    FontPath     "/usr/local/lib/X11/fonts/75dpi/"
EndSection

Section "Module"
    Load  "dbe"
    Load  "dri"
    Load  "extmod"
    Load  "glx"
    Load  "record"
EndSection

Section "InputDevice"
    Identifier  "Keyboard0"
    Driver      "kbd"
EndSection

Section "InputDevice"
    Identifier  "Mouse0"
    Driver      "mouse"
    Option      "Protocol" "auto"
    Option      "Device" "/dev/sysmouse"
    Option      "ZAxisMapping" "4 5 6 7"
EndSection

Section "Monitor"
    Identifier   "Monitor0"
    VendorName   "Monitor Vendor"
    ModelName    "Monitor Model"
EndSection

Section "Device"
    ### Available Driver options are:-
    ### Values: <i>: integer, <f>: float, <bool>: "True"/"False",
    ### <string>: "String", <freq>: "<f> Hz/kHz/MHz"
    ### [arg]: arg optional
    #Option     "SWcursor"      # [<bool>]
    #Option     "HWcursor"      # [<bool>]
    #Option     "NoAccel"       # [<bool>]
    #Option     "ShadowFB"      # [<bool>]
    #Option     "UseFBDev"      # [<bool>]
    #Option     "Rotate"        # [<str>]
    #Option     "VideoKey"      # <i>
    #Option     "FlatPanel"     # [<bool>]
    #Option     "FPDither"      # [<bool>]
    #Option     "CrtcNumber"    # <i>
    #Option     "FPScale"       # [<bool>]
    #Option     "FPTweak"       # <i>
    #Option     "DualHead"      # [<bool>]
    Identifier  "Card0"
    Driver      "nvidia"
    VendorName  "nVidia Corporation"
    BoardName   "G73 [GeForce 7600 GS]"
EndSection

Section "Screen"
    Identifier "Screen0"
    Device     "Card0"
    Monitor    "Monitor0"
    DefaultDepth 24
    Option     "AddARGBGLXVisuals" "True"
    SubSection "Display"
        Viewport   0 0
    EndSubSection
    SubSection "Display"
        Viewport   0 0
        Depth      4
    EndSubSection
    SubSection "Display"
        Viewport   0 0
        Depth      8
    EndSubSection
    SubSection "Display"
        Viewport   0 0
        Depth      15
    EndSubSection
    SubSection "Display"
        Viewport   0 0
        Depth      16
    EndSubSection
    SubSection "Display"
        Viewport   0 0
        Depth      24
    EndSubSection
EndSection

Section "Extensions"
    Option "Composite" "Enable"
EndSection
References

Nvidia page at FreeBSD.org: http://www.freebsd.org/doc/en/articles/compiz-fusion/nvidia-setup.html

FreeBSD website - Configuring sound: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/sound-setup.html

OpenOffice pre-load files: Please open http://java.sun.com/javase/downloads/index.jsp in a web browser and follow the Download link for JDK US DST Timezone Update Tool - 1_3_18 to obtain the time zone update file, tzupdater-1_3_18-2009k.zip. Please download the patchset, bsd-jdk16-patches-4.tar.bz2, from http://www.eyesbeyond.com/freebsddom/java/jdk16.html.

Emerald Themes: http://compiz-themes.org/index.php?xcontentmode=103

FreeBSD forums - Install Flashplayer: http://forums.freebsd.org/showthread.php?t=5786


#!/bin/sh 
compiz --replace --sm-disable --ignore-desktop-hints ccp & 


emerald --replace & 

Once you have created it, flag it as executable:

chmod +x compiz-startup.sh

Now try running Compiz from within a terminal:

./compiz-startup.sh

Compiz should load the Emerald window decorator and the desktop effects should be enabled. If you do not have a title bar, check that your xorg.conf is set up similarly to the sample xorg.conf (Figure 8): see Listing 1.


Further Compiz configuration 


• Compiz settings are changed via ccsm.
• Emerald themes are changed via emerald-theme-manager.
• You can auto-load Compiz by adding it to Startup Applications in the System menu.
• To force GDM to start on boot, add gdm_enable="YES" to rc.conf.
• Gnome-terminal refused to work on my test box; I got round this by copying the shortcut to the desktop and using xterm instead.

Figure 8. Check that your xorg.conf is setup similar to the sample xorg.conf


Installing the Browser, OpenOffice and Flash etc. 
Installing the Gimp, Firefox 


pkg_add -r gimp
pkg_add -r firefox35


Installing Open Office

At the time of writing, OpenOffice was not available as a binary; you may choose to skip installing it, as the compile time is extensive. If you want to install it, you will need to download the files listed in the appendix and copy these to /usr/ports/distfiles before you commence. To compile OOo from source:


cd /usr/ports/editors/openoffice.org-2 


make install clean BATCH=YES 


Further improvements 
Unfortunately, the kit I was working with didn't have a suitable sound card (3D support with a virtual machine is very experimental). I was also experiencing a fatal error installing flashplayer:

Attempting to fetch from http://fpdownload.macromedia.com/get/flashplayer/current/.
fetch: http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player_10_linux.tar.gz: size mismatch: expected 4044751, actual 4760657

Due to publication deadlines there was not time to investigate this, but hopefully by the time this how-to is released the problem will have been solved. I have run Flashplayer and Firefox together on other desktops, and it works well.

Please see the appendix for details of how to configure these with FreeBSD.


ROB SOMERVILLE 

Rob Somerville has been passionately involved with technology 
both as an amateur and professional since childhood. A passionate 
convert to *BSD, he stubbornly refuses to shave off his beard under 
any circumstances. Fortunately, his wife understands him (she 
was working as a System/36 operator when they first met). The 
technological passions of their daughter and numerous pets are still 
to be revealed. 
Network monitoring with Nagios and OpenBSD, Part 1


So our OpenBSD-based network now includes redundant firewalls (http://www.kernel-panic.it/openbsd/carp/index.html), domain name servers (http://www.kernel-panic.it/openbsd/dns/index.html), a mail gateway (http://www.kernel-panic.it/openbsd/mail/index.html) and a web proxy cache (http://www.kernel-panic.it/openbsd/proxy/index.html).


What you will learn...
• Installing Nagios
• How to monitor a network with Nagios and OpenBSD


What you should know...
• A good knowledge of OpenBSD administration
• Basic MySQL database administration


All the services provided by these machines are critical and can't afford even minimal downtime. Redundancy may give us the time to recover from a failure before having angry users trying to knock down our door, but it doesn't free us from the responsibility to detect and solve ongoing problems.

To put it short, it's time to think about monitoring our network! And the following are the perfect ingredients for implementing a full-featured, secure and reliable network monitoring system:


OpenBSD (http://www.openbsd.org/)
the operating system for the security paranoid, with only two remote holes in the default install, in a heck of a long time!;


Nagios (http://www.nagios.org/)
the leader and industry standard in enterprise system, network, and application monitoring;


Apache (http://httpd.apache.org/)
the secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

My pick goes to Nagios for its ease of use, flexibility and extensibility. It also features a very clean and straightforward design, as it is structured into three basic building blocks:


• a daemon process, running periodic checks on specific hosts and services and managing notifications when problems arise;

• an optional web interface, to access current status information, historical logs and reports via a simple web browser;

• a set of external plugins, i.e. the (possibly custom) scripts executed by the daemon process to actually perform the checks and send out notifications.


Furthermore, these basic components can be easily extended with external modules, making it easy for Nagios to meet even your most demanding needs! Therefore, after the installation and configuration of Nagios' core components, we will take a brief look at some of its most popular and useful addons (http://www.nagiosexchange.org/AddOn_Projects.22.0.html):


• NRPE (http://www.kernel-panic.it/openbsd/nagios/nagios5.html#nagios-5.1), the Nagios Remote Plugin Executor, which allows you to execute local plugins on remote hosts;

• NSCA (http://www.kernel-panic.it/openbsd/nagios/nagios5.html#nagios-5.2), the Nagios Service Check Acceptor, which processes passive service check results submitted by clients to the Nagios server;

• NagVis (http://www.kernel-panic.it/openbsd/nagios/nagios5.html#nagios-5.3), the Nagios Visualization Addon, which allows you to deeply customize how Nagios data is displayed.


A good knowledge of OpenBSD is assumed, since we 
won't delve into system management topics such as 
base configuration or packages/ports installation. 


Installation and base configuration 
Before delving straight into the details of Nagios installation 
and configuration, let's take a brief look at the layout of the 
network that we're going to monitor (Figure 1). 

It's a very simple and small network, made up of: 


• a LAN (172.16.0.0/24), containing clients and servers not accessible from the public Internet (e.g. file server, DHCP server);

• a DMZ (172.16.240.0/24), containing the servers that must access the Internet (e.g. mail, web and proxy servers);

• a router, in a small subnet (172.16.250.0/24), connecting the DMZ to the Internet.


Figure 1. Monitored Network
Our network monitoring system is a security-critical host and won't need to directly access the Internet, so it will perfectly fit in the internal LAN.

The OpenBSD installation procedure is documented in full detail in the official FAQ (http://www.openbsd.org/faq/faq4.html), so we won't linger on it here. Nagios doesn't have particular requirements and a standard OpenBSD installation will do just fine: according to the documentation (http://nagios.sourceforge.net/docs/3_0/about.html#requirements), Nagios makes do with just a machine running Linux (or UNIX variant). That doesn't sound so fussy, does it?


Packages installation 
Nagios installation only requires adding a few packages (http://www.openbsd.org/faq/faq15.html#PkgInstall):


libiconv-x.x.tgz
gettext-x.x.tgz
pcre-x.x.tgz
glib2-x.x.tgz
libltdl-x.x.tgz
nagios-plugins-x.x.tgz
nagios-x.x-chroot.tgz
nagios-web-x.x-chroot.tgz


The installation procedure will automatically create the user and group that the monitoring daemon will drop its privileges to (_nagios). The chroot flavor will install Nagios in a way suited for chrooted httpd(8) (http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8), i.e. with the CGIs (http://nagios.sourceforge.net/docs/3_0/cgis.html) statically linked and all the configuration and log files stored inside the /var/www directory. By the way, Nagios has a particular directory structure that you will have to become familiar with:


/var/www/nagios/
this directory contains the static HTML pages for the web interface and the online documentation;


/var/www/cgi-bin/nagios/
contains the dynamic CGI pages of the web interface, which actually retrieve and display the current status of the monitored objects;


/var/www/etc/nagios/
you should put all your Nagios configuration files in this directory: we will examine them one by one in a moment;


/var/www/var/log/nagios/
this is the directory where Nagios will create the log (http://nagios.sourceforge.net/docs/3_0/configmain.html#log_file), status (http://nagios.sourceforge.net/docs/3_0/configmain.html#status_file) and retention (http://nagios.sourceforge.net/docs/3_0/configmain.html#state_retention_file) files;


/var/www/var/log/nagios/archives/
Nagios log files are periodically rotated and moved to this directory;


/var/www/var/nagios/rw/
contains the external command file (http://nagios.sourceforge.net/docs/3_0/configmain.html#command_file);


/usr/local/libexec/nagios/
contains the standard plugins (http://nagios.sourceforge.net/docs/3_0/plugins.html).

As a reference, below is a visual representation of the directory structure of Nagios, kindly submitted by Bren Smith (click here http://www.kernel-panic.it/openbsd/nagios/nagiosdirstruct.png for a larger view; see Figure 2).


Figure 2. Directory structure of Nagios

Configuration overview 

Nagios configuration may
at first glance; even the documentation (http://nagios.sourceforge.net/docs/3_0/beginners.html) warns that Nagios is quite powerful and flexible, but it can take a lot of work to get it configured just the way you'd like. Anyway, don't despair! Once you've figured out the underlying logic of its object-oriented configuration, you will appreciate Nagios' flexibility and clean design. For the first tests, you can start by tweaking the sample configuration files contained in the /usr/local/share/examples/nagios/ directory, customizing them to your needs.

The syntax of Nagios configuration files follows a few 


basic rules: 


• comments start with a # character and span to the end of the line;

• variable names must begin at the start of the line (i.e. no indentation allowed);

• variable names are case sensitive;

• no spaces are allowed around the = sign.


Configuration involves setting several parameters concerning the monitoring daemon, the CGIs and, of course, the hosts and services you want to monitor. All this information is spread across multiple files: we will now examine them one by one.


The main configuration file 

The overall behaviour of the Nagios daemon is determined by the directives included in the main configuration file, /var/www/etc/nagios/nagios.cfg. Though this file contains several dozens of parameters, for most of them the default value is the most reasonable option and you will probably want to care about only very few of them (usually cfg_file (http://nagios.sourceforge.net/docs/3_0/configmain.html#cfg_file), cfg_dir (http://nagios.sourceforge.net/docs/3_0/configmain.html#cfg_dir) and admin_email (http://nagios.sourceforge.net/docs/3_0/configmain.html#admin_email)). In any case, you can find a detailed description of each and every parameter in the official documentation (http://nagios.sourceforge.net/docs/3_0/configmain.html; see Listing 1).


The resource file 

The resource file allows you to assign values to the user-definable macros $USERn$ (where n is a number between 1 and 32 inclusive). Basically, in Nagios, macros are variables (starting and ending with a dollar sign, $) that you can insert into command definitions and that will get expanded to the appropriate value immediately prior to the execution of the command. User-defined macros (and the several other macros (http://nagios.sourceforge.net/docs/3_0/macros.html) Nagios makes available) allow you to keep command definitions generic and simple (see the next chapter for some examples).
Listing 1a. Main configuration file


/var/www/etc/nagios/nagios.cfg

# Path to main log file and log archive directory. All pathnames are relative
# to the chroot directory '/var/www/'
log_file=/var/log/nagios/nagios.log
log_archive_path=/var/log/nagios/archives

# Paths to files managed internally by the application
object_cache_file=/var/nagios/objects.cache
precached_object_file=/var/nagios/objects.precache
status_file=/var/nagios/status.dat
state_retention_file=/var/nagios/retention.dat
command_file=/var/nagios/rw/nagios.cmd
lock_file=/var/run/nagios/nagios.pid
temp_file=/var/nagios/nagios.tmp
temp_path=/tmp
check_result_path=/var/spool/nagios

# Object definitions (see next chapter) can be split across multiple files.
# You may either list files individually (using the 'cfg_file' parameter) or
# group them into directories (using the 'cfg_dir' parameter). In the latter
# case, Nagios will process all files with a '.cfg' extension found in the
# specified directories and their subdirectories
cfg_file=/etc/nagios/timeperiods.cfg
cfg_file=/etc/nagios/contacts.cfg
cfg_file=/etc/nagios/commands.cfg
cfg_file=/etc/nagios/generic-hosts.cfg
cfg_file=/etc/nagios/generic-services.cfg
cfg_dir=/etc/nagios/hosts
cfg_dir=/etc/nagios/services

# Path to the resource file, containing user-defined macros (see below). You can
# specify more than one resource file using multiple 'resource_file' statements
resource_file=/etc/nagios/resource.cfg

# User and group the Nagios process will run as
nagios_user=_nagios
nagios_group=_nagios

# Email address and pager number for the administrator of the local machine
admin_email=nagios@kernel-panic.it
admin_pager=xxx-xxx-xxxx

# Date format (available options: us, euro, iso8601 or strict-iso8601)
date_format=euro

# Enable checks, notifications and event handlers. Passive checks allow external
# applications to submit check results to Nagios. Event handlers are optional
# commands that are executed whenever a host or service state change occurs
execute_service_checks=1
accept_passive_service_checks=1
execute_host_checks=1
accept_passive_host_checks=1
enable_notifications=1
enable_event_handlers=1

# Checks freshness options. Enabling these options will ensure that passive
# checks are always up-to-date
check_service_freshness=1
service_freshness_check_interval=60
check_host_freshness=0
host_freshness_check_interval=60
additional_freshness_latency=15

# External commands allow the web interface and external applications (such as
# NSCA) to issue commands to Nagios. With a check interval of "-1", Nagios will
# check for external commands as often as possible
check_external_commands=1
command_check_interval=-1
external_command_buffer_slots=4096

# Various logging options
log_rotation_method=d
use_syslog=1
log_notifications=1
log_service_retries=1
log_host_retries=1
log_event_handlers=1
log_initial_states=0
log_external_commands=1
log_passive_checks=1
Listing 1b. Main configuration file


# Enable retention of state information between program restarts (refer to
# documentation for details)
Eevamiecstates Mroniiat Ten! 
Betentton Updatewinterval—ov 
Use weectomned prodraliystate=" 
Use beta lnedeschocml ing yi mEe— 
retained host aaturibuve wmask—0 
PetaimMed sori copakeriOube Maak—0 
Hetaimedy PrecessenOst pater Moute iask—) 
HelvaiImedwerecess user ice gallu mpitesiias c=) 


Belaimed omtact snOst ater upute mask—) 


HelLaimed  eomtvacts serv Tce valle iputesiask—)) 


# State flapping detection options (refer to documentation for details)

Senate Mlapecctectuon—) 

low (senvuce ilap tntesnold=5 50) 

leigh seevlee mle searesneli— 2070 

Vow shost Nap eheeshold—5. 0 

Ig abejley aversie illeyes elaaersiavolicl 20) 0) 


# Miscellaneous tuning, performance and security 
options (refer to 

# documentation for details) 

interval lengEn—60 

Semy ce pitien Chice delay smleenod—s 

Wax eservite] seneetpspread—5) 

SiS NCS LMC sie Kees) Melero Ss 

hesteiiveuseteccdekay siennod—s 

Max eoOSstwencee  senead—30 

Max Conewmrent checks —0 

Ciee isesuleereaper perequene)— i) 

Mane oc ke reswiheehodpeta ime —o0 

less elveve lc ais bULie Milben elole = S150) 

Gdehed hose cheek horizon 15 

edeitedycer tee vente hert7zon—i5 

enawle ypredtettye ostedeeendency seneeks—i 

Snalwlege red Mellie yser Gee eececndene) gemecks— 

SOLUS edbe sCepencencies—0 

aulLonrescniedulerchiocws—0 

eueOeresenedl img yimbenval— 5) 

auto rescheduling window=180 

Stats gUpdabe yirmbervail—i5 


evetic IiOKS ec COUlOnS= 


Sleco emcee 
SeLVINeS Click wallow ol 
Inolsies jelaiele! oie aluiciowhe = s)(0) 
Sveme) meamcitetr Venmlooum— 50 
NOUIMeation timeout=30 
SespeeImeoutss 


Perreavantameoul=5 


Useraggiessive NOs enecking—V 
Precess Perrormance data—) 
CISeSS Cee SSicwlesss 
Gbsess Over Wosts=i 
Reanslate passive Ost enecks—( 


passive Wostrchecks vara soru—) 


Cheek Eon FOnenamcd oer yvece—U 


Check efor Forphaned thesis =| 


p1_file=/usr/local/bin/p1.pl
efablevemoeddecs Peni —i 
Use euiloctelolsel ee all mito lee yall 


iLliercpetl Close ments elicuesia Ye ss || 
ii Veg al eiacro youueuiemeinars— | <- 

Use eegexp matehing—0 

Usege sve rege <p miiatenimc—) 

daemon_dumps_core=0

use large imsetal lation tweaks—0 


enable environmen: macros—| 


# Debug options 

debug milevel—0 

debug everbosity—) 

debug_file=/var/nagios/nagios.debug


itis debug mle ssuze— 1000000 
User-defined macros are normally used to store recurring items in command definitions (like directory paths) and sensitive information (like usernames and passwords). It is recommended that you set restrictive permissions (600) on the resource file(s) in order to keep sensitive information protected.


/var/www/etc/nagios/resource.cfg

# Set $USER1$ to be the path to the plugins
$USER1$=/usr/local/libexec/nagios

# MySQL username and password
$USER2$=root
$USER3$=password
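
The syntax rules for the main configuration file and the permission advice for the resource file can both be checked mechanically. The following Python script is an added example, not code from the article or from Nagios: it lints nagios.cfg-style text against the four rules above and reports any resource_file that group or other users can access. It assumes the /var/www chroot used in this article and that main-config variable names are lower case (as every directive in Listing 1a is); the sample config and the temporary files are constructed.

```python
import os
import stat
import tempfile


def parse_main_config(text):
    """Parse nagios.cfg-style text.

    Returns (directives, problems): a list of (name, value) pairs and a list
    of (line_number, message) entries for lines that break the syntax rules.
    """
    directives, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        if line[0] in " \t":
            problems.append((lineno, "variable name is indented"))
        if "=" not in stripped:
            problems.append((lineno, "no '=' sign found"))
            continue
        name, value = stripped.split("=", 1)
        if name != name.rstrip() or value != value.lstrip():
            problems.append((lineno, "spaces around the '=' sign"))
        name, value = name.strip(), value.strip()
        if name != name.lower():
            # Assumption: main-config variable names are all lower case.
            problems.append((lineno, "variable name is not lower case"))
        directives.append((name, value))
    return directives, problems


def audit_resource_files(directives, chroot="/var/www"):
    """Report resource files that are missing or accessible beyond the owner."""
    findings = []
    for name, value in directives:
        if name != "resource_file":
            continue
        # Paths in the chrooted nagios.cfg are relative to the chroot.
        path = os.path.join(chroot, value.lstrip("/"))
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            findings.append((path, "file not found"))
            continue
        if mode & 0o077:
            findings.append((path, "mode %03o allows group/other access" % mode))
    return findings


# Constructed sample: lines 3, 4 and 5 each break one rule on purpose.
SAMPLE_CONFIG = """\
# constructed sample, not the article's listing
log_file=/var/log/nagios/nagios.log
  cfg_dir=/etc/nagios/hosts
Admin_Email=nagios@example.org
date_format = euro
resource_file=/etc/nagios/resource.cfg
"""


def demo():
    """Lint the sample, then audit a throwaway chroot before and after chmod 600."""
    directives, problems = parse_main_config(SAMPLE_CONFIG)
    with tempfile.TemporaryDirectory() as chroot:
        etc_dir = os.path.join(chroot, "etc", "nagios")
        os.makedirs(etc_dir)
        resource = os.path.join(etc_dir, "resource.cfg")
        with open(resource, "w") as handle:
            handle.write("$USER1$=/usr/local/libexec/nagios\n")
        os.chmod(resource, 0o644)
        before = audit_resource_files(directives, chroot)
        os.chmod(resource, 0o600)
        after = audit_resource_files(directives, chroot)
    return problems, before, after


if __name__ == "__main__":
    problems, before, after = demo()
    for lineno, message in problems:
        print("line %d: %s" % (lineno, message))
    print("before chmod:", [msg for _, msg in before])
    print("after chmod: ", [msg for _, msg in after])
```
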


The next step is configuring object data, which is 
probably the trickiest part of the configuration. We will 
therefore devote the next chapter entirely to this topic. 


Object data configuration 
So now it's time to tell Nagios what to keep tabs on. 
Therefore, we must supply it with information about: 


• when and how to perform checks and send out notifications;

• whom to notify;

• which hosts and services to monitor.


All this information is represented by means of objects, which are defined by a set of define statements, enclosed in curly braces and containing a variable number of newline-separated directives, in keyword/value form. Keywords are separated from values by whitespace and multiple values can be separated by commas; indentation within statements is allowed.

To recap, the basic syntax of an object declaration can be represented as follows:


define object {
    keyword-1    value-1
    keyword-2    value-2,value-3,...
    ...
    keyword-n    value-n
}


Object definitions can be split into any number of files: just remember to list them all in the main configuration file by using the cfg_file and/or cfg_dir directives.


Timeperiod definition 


The timeperiod statement allows you to specify, for each day of the week, one or more time slots in which to run certain checks and/or notify certain people. Time intervals can't span across midnight and excluded days are simply omitted.

In the following example, all the timeperiod definitions are grouped together in a file named timeperiods.cfg stored in the /var/www/etc/nagios/ directory (see Listing 2).


Command definition 

The next step is to tell Nagios how to perform the various 
checks and send out notifications; this is accomplished 
by defining multiple commana objects specifying the actual 
commands for Nagios to run. 

Command definitions are pairs of short names and 
command lines (both mandatory) and can contain 
macros. AS we mentioned before, macros are variables, 
enclosed in s signs, that will get expanded to the 
appropriate value immediately prior to the execution 
of a command; macros allow you to keep command 
definitions generic and straightforward. Asimple example 
will make this clear. 

Suppose you want to monitor a web server with IP 
address 1.2.3.4; you could then define a command such 
as the following: 


define command { 

command name eheck=http 
command line /usr/local/libexec/nagios/check http 
Sb cli 2 annie 


} 


This definition is correct and will certainly do the job. But 
what if you later decide to add a new web server? Would 
you find it convenient to define a new (almost identical) 
command, with only the IP address changed? It is way 
more efficient to take advantage of macros by writing 
a single generic command such as: 


define command {
    command_name    check-http
    command_line    $USER1$/check_http -I $HOSTADDRESS$
}


and leave Nagios the responsibility to expand the built-in 
$HOSTADDRESS$ macro to the appropriate IP address, 
obtained from the host definition (see below). As you'll 
remember from the previous chapter, the $USER1$ macro 
holds the path to the plugins directory. 

Now let's complicate things a bit! What if you want 
Nagios to check the availability of a particular URL on 
each web server? This URL may differ from server to 
server, so what we need now is a command definition 
that is still generic and yet server-specific! Though this 
may sound contradictory, once again Nagios solves this 
problem with macros: in fact, the $ARGn$ macros (where n is 
a number between 1 and 32 inclusive) act as placeholders 
for service-specific arguments that will be specified later 
within service definitions (see below for further details). 
Therefore, the above command definition would turn into: 


define command {
    command_name    check-http
    command_line    $USER1$/check_http -I $HOSTADDRESS$ -u $ARG1$
}

In addition to the ones we have just seen, Nagios 
provides several other useful macros. Please refer to the 
documentation (http://nagios.sourceforge.net/docs/3_0/macros.html) 
for a detailed list of all available macros 
and their validity context. Below is a sample set of 
command definitions (see Listing 3). 


Listing 2. The time period definitions are grouped together and stored 

/var/www/etc/nagios/timeperiods.cfg
# The following timeperiod definition includes normal work hours. The
# 'timeperiod_name' and 'alias' directives are mandatory. Note that weekend days
# are simply omitted
define timeperiod {
    timeperiod_name    workhours
    alias              Work Hours
    monday             09:00-18:00
    tuesday            09:00-18:00
    wednesday          09:00-18:00
    thursday           09:00-18:00
    friday             09:00-18:00
}

# The following timeperiod includes all time outside normal work hours. The
# time slot between 6 p.m. and 9 a.m. must be split into two intervals, to avoid
# crossing midnight
define timeperiod {
    timeperiod_name    nonworkhours
    alias              Non-Work Hours
    sunday             00:00-24:00
    monday             00:00-09:00,18:00-24:00
    tuesday            00:00-09:00,18:00-24:00
    wednesday          00:00-09:00,18:00-24:00
    thursday           00:00-09:00,18:00-24:00
    friday             00:00-09:00,18:00-24:00
    saturday           00:00-24:00
}

# Most checks will probably run on a continuous basis
define timeperiod {
    timeperiod_name    always
    alias              Every Hour Every Day
    sunday             00:00-24:00
    monday             00:00-24:00
    tuesday            00:00-24:00
    wednesday          00:00-24:00
    thursday           00:00-24:00
    friday             00:00-24:00
    saturday           00:00-24:00
}

# The right timeperiod when you don't want to bother with notifications (e.g.
# during testing)
define timeperiod {
    timeperiod_name    never
    alias              No Time is a Good Time
}

# Some exceptions to the normal weekly time (see documentation for more examples)
define timeperiod {
    timeperiod_name    exceptions
    alias              Some random dates
    2008-12-15         00:00-24:00    ; December 15th, 2008
    friday 3           00:00-24:00    ; 3rd Friday of every month
    february -1        00:00-24:00    ; last day in February of every year
    march 20 - june 21 00:00-24:00    ; Spring
    day 1 - 15         00:00-24:00    ; First half of every month
    2008-01-01 / 7     00:00-24:00    ; Every 7 days from Jan 1st, 2008
}

Contact definition 

contact objects allow you to specify people who should 
be notified automatically when the alert conditions are 
met. Contacts are first defined individually and then 
grouped together in contactgroup objects, for easier 
management. 

For the first time, in the following definitions, we 
will refer to previously defined objects. In fact, the 

Listing 3. A sample set of command definitions 

/var/www/etc/nagios/commands.cfg
################################################################################
# Notification commands                                                        #
# There are no standard notification plugins; hence notification commands are  #
# usually custom scripts or mere command lines.                                #
################################################################################
define command {
    command_name    host-notify-by-email
    command_line    $USER1$/host_notify_by_email.sh $CONTACTEMAIL$
}

define command {
    command_name    notify-by-email
    command_line    $USER1$/notify_by_email.sh $CONTACTEMAIL$
}

define command {
    command_name    host-notify-by-SMS
    command_line    /usr/local/bin/sendsms $ADDRESS1$ "Nagios: Host $HOSTNAME$ ($HOSTADDRESS$) is in state: $HOSTSTATE$"
}

define command {
    command_name    notify-by-SMS
    command_line    /usr/local/bin/sendsms $ADDRESS1$ "Nagios: Service $SERVICEDESC$ on $HOSTALIAS$ is in state: $SERVICESTATE$"
}

################################################################################
# Check commands                                                               #
# The official Nagios plugins should handle most of your needs for host and    #
# service checks. Anyway, should they not, we will discuss in a moment how to  #
# write custom plugins.                                                        #
################################################################################
define command {
    command_name    check-host-alive
    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 1
}

define command {
    command_name    check-ssh
    command_line    $USER1$/check_ssh $HOSTADDRESS$
}

define command {
    command_name    check-http
    command_line    $USER1$/check_http -I $HOSTADDRESS$ -u $ARG1$
}

define command {
    command_name    check-smtp
    command_line    $USER1$/check_smtp -H $HOSTADDRESS$
}

define command {
    command_name    check-imap
    command_line    $USER1$/check_imap -H $HOSTADDRESS$
}

define command {
    command_name    check-dns
    command_line    $USER1$/check_dns -s $HOSTADDRESS$ -H $ARG1$ -a $ARG2$
}

define command {
    command_name    check-mysql
    command_line    $USER1$/check_mysql -H $HOSTADDRESS$ -u $USER2$ -p $USER3$
}

Listing 4. Command objects 

/var/www/etc/nagios/contacts.cfg
define contact {
    # Short name to identify the contact
    contact_name                     john
    # Longer name or description
    alias                            John Doe
    # Enable notifications for this contact
    host_notifications_enabled       1
    service_notifications_enabled    1
    # Timeperiods during which the contact can be notified about host and service
    # problems or recoveries
    host_notification_period         always
    service_notification_period      always
    # Host states for which notifications can be sent out to this contact
    # (d=down, u=unreachable, r=recovery, f=flapping, n=none)
    host_notification_options        d,u,r
    # Service states for which notifications can be sent out to this contact
    # (w=warning, c=critical, u=unknown, r=recovery, f=flapping, n=none)
    service_notification_options     w,u,c,r
    # Command(s) used to notify the contact about host and service problems
    # or recoveries
    host_notification_commands       host-notify-by-email,host-notify-by-SMS
    service_notification_commands    notify-by-email,notify-by-SMS
    # Email address for the contact
    email                            jdoe@kernel-panic.it
    # Nagios provides 6 address directives (named address1 through address6) to
    # specify additional "addresses" for the contact (e.g. a mobile phone number
    # for SMS notifications)
    address1                         xxx-xxx-xxxx
    # Allow this contact to submit external commands to Nagios from the CGIs
    can_submit_commands              1
}

# The following contact is split in two, to allow for different notification
# options depending on the timeperiod
define contact {
    contact_name                     danix@work
    alias                            Daniele Mazzocchio
    host_notifications_enabled       1
    service_notifications_enabled    1
    host_notification_period         workhours
    service_notification_period      workhours
    host_notification_options        d,u,r
    service_notification_options     w,u,c,r
    host_notification_commands       host-notify-by-email
    service_notification_commands    notify-by-email
    email                            danix@kernel-panic.it
    can_submit_commands              1
}

define contact {
    contact_name                     danix@home
    alias                            Daniele Mazzocchio
    host_notifications_enabled       1
    service_notifications_enabled    1
    host_notification_period         nonworkhours
    service_notification_period      nonworkhours
    host_notification_options        d,u
    service_notification_options     c
    host_notification_commands       host-notify-by-email,host-notify-by-SMS
    service_notification_commands    notify-by-email,notify-by-SMS
    email                            danix@kernel-panic.it
    address1                         xxx-xxx-xxxx
    can_submit_commands              1
}

# All administrator contacts are grouped together in the "Admins"
# contactgroup
define contactgroup {
    contactgroup_name                Admins
    alias                            Nagios Administrators
    members                          danix@work,danix@home,john
}

Listing 5. The creation of a template 

define host {
    name                    generic-host-template    # Template name
    check_command           check-host-alive
    check_period            always
    max_check_attempts      5
    notification_options    d,u,r
    register                0                        # Don't register it!
}


Listing 6. Nagios allows multiple levels of template objects 

/var/www/etc/nagios/generic-hosts.cfg
# The following is a template for all hosts in the LAN
define host {
    # Template name
    name                            generic-lan-host
    # Command to use to check the state of the host
    check_command                   check-host-alive
    # Contact groups to notify about problems (or recoveries) with this host
    contact_groups                  Admins
    # Enable active checks
    active_checks_enabled           1
    # Time period during which active checks of this host can be made
    check_period                    always
    # Number of times that Nagios will repeat a check returning a non-OK state
    max_check_attempts              5
    # Enable the event handler
    event_handler_enabled           1
    # Enable the processing of performance data
    process_perf_data               1
    # Enable retention of host status information across program restarts
    retain_status_information       1
    # Enable retention of host non-status information across program restarts
    retain_nonstatus_information    1
    # Enable notifications
    notifications_enabled           1
    # Time interval (in minutes) between consecutive notifications about the
    # server being still down or unreachable
    notification_interval           120
    # Time period during which notifications about this host can be sent out
    notification_period             always
    # Host states for which notifications should be sent out (d=down,
    # u=unreachable, r=recovery, f=flapping, n=none)
    notification_options            d,u,r
    # Don't register this definition: it's only a template, not an actual host
    register                        0
}

# DMZ hosts inherit all attributes from the generic-lan-host by means of the
# 'use' directive. The only difference is that Nagios has to go through the
# internal (CARP) firewalls to reach the DMZ servers, thus requiring the
# additional 'parents' directive.
define host {
    name                            generic-dmz-host
    # The 'use' directive specifies the name of a template object that you want
    # this host to inherit properties from
    use                             generic-lan-host
    # This directive specifies the hosts that lie between the monitoring host
    # and the remote host (more information here)
    parents                         fw-int
    # This too is a template
    register                        0
}

values of the host_notification_period and 
service_notification_period directives must be timeperiod 
objects (http://www.kernel-panic.it/openbsd/nagios/nagios3.html#nagios-3.1); 
and the values of the host_notification_commands and 
service_notification_commands directives must be command 
objects (http://www.kernel-panic.it/openbsd/nagios/nagios3.html#nagios-3.2; 
see Listing 4). 


Host definition 

Now we have finally come to one of the most important 
facets of Nagios configuration: the definition of the 
hosts (servers, workstations, devices, etc.) that we 
want to monitor. This will lead us to introduce one of 
the most powerful features of Nagios configuration: 
object inheritance (http://nagios.sourceforge.net/docs/3_0/objectinheritance.html). 
Note that, though we are only discussing it now, object 
inheritance applies to all Nagios objects; however, it's in 
the definition of hosts and services that you can get the 
most out of it. 

In fact, configuring a host requires setting up quite 
a few parameters; and the value of these parameters 
will normally be the same for most hosts. Without object 
inheritance, this would mean wasting a lot of time typing 
the same parameters over and over again and eventually 
ending up with cluttered, overweight and almost 
unmanageable configuration files. 

But luckily, Nagios is smart enough to save you 
a lot of typing by allowing you to define special 
template objects, whose properties can be inherited 
by other objects without having to rewrite them. Below 
is a brief example of how a template is created: see 
Listing 5. 

As you can see, a template definition looks almost 
identical to a normal object definition. The only differences 
are: 


• every template must be assigned a name with the 
name directive; 

• since this is not an actual host, you must tell Nagios 
not to register it by setting the value of the register 
directive to 0; this property doesn't get inherited and 
defaults to 1, so you won't need to explicitly override 
it in all children objects; 

• a template object can be left incomplete, i.e. it may 
not supply all mandatory parameters. 


To create an actual host object from a template, you 
simply have to specify the template name as the value of 
the use directive and make sure that all mandatory fields 
are either inherited or explicitly set: 
define host {
    host_name    hostname
    use          generic-host-template
    alias        alias
    address      x.x.x.x
}


Well, now let's move from theory to practice and define 
two host templates for our servers. Note that the second 
one inherits from the first; this is possible because 
Nagios allows multiple levels of template objects (see 
Listing 6). 

Now we can take advantage of our templates to define 
the actual hosts in a few lines (see Listing 7). 

Hosts can optionally be grouped together with the 
hostgroup statement, which has no effect on monitoring, 
but simply allows you to display the hosts in groups in the 
CGIs (see Listing 8). 


Service definition 

Configuring the services to monitor is much like 
configuring hosts: object inheritance can save you a lot 
of typing and you can group services together with the 
optional servicegroup statement. Below is the definition 
of our service template (see Listing 9). 

Now, before moving to services definitions, we should 
complete our discussion on passing service-specific 
arguments to commands by means of the $ARGn$ macros. 
As you'll remember, these macros act as placeholders: 
they expand to the nth argument passed to the command 
in the service definition; for instance, a command 
definition such as the following expects to be passed two 
arguments: 


define command {
    command_name    some-command
    command_line    $USER1$/check_something $ARG1$ $ARG2$
}


Therefore, to configure a service check to use the above 
command, we will need to assign the check_command 
variable a string containing the command's short name 
followed by the arguments, separated by ! characters. E.g.: 


define service {
    service_description    some-service
    check_command          some-command!arg-
Listing 7. Defining the actual hosts in a few lines 

/var/www/etc/nagios/hosts/servers.cfg
# Configuration for host dns1.lan.kernel-panic.it
define host {
    use                generic-lan-host
    host_name          dns1
    alias              LAN primary master name server
    address            172.16.0.161
    # Extended information (completely optional)
    notes              This is the internal primary master name server
    # URL with more information about this host
    notes_url          http://www.kernel-panic.it/openbsd/dns/
    # Image associated with this host in the status CGI; images must be placed in
    # /var/www/nagios/images/logos/
    icon_image         dns.png
    # String used in the 'alt' tag of the icon image
    icon_image_alt     [dns]
    # Image associated with this host in the statusmap CGI
    statusmap_image    dns.gd2
}

# Configuration for host mail.kernel-panic.it
define host {
    use                generic-dmz-host
    host_name          mail
    alias              Mail server
    address            172.16.240.150
    notes              This is the Postfix mail server (with IMAP(S) and web access)
    notes_url          http://www.kernel-panic.it/openbsd/mail/
    icon_image         mail.png
    icon_image_alt     [Mail]
    statusmap_image    mail.gd2
}

# Configuration for host proxy.kernel-panic.it
define host {
    use                generic-dmz-host
    host_name          proxy
    alias              Proxy server
    address            172.16.240.151
    notes              This is the Squid proxy server
    notes_url          http://www.kernel-panic.it/openbsd/proxy/
    icon_image         proxy.png
    icon_image_alt     [Proxy]
    statusmap_image    proxy.gd2
}

[...]

/var/www/etc/nagios/hosts/firewalls.cfg
# Configuration for host fw-int.kernel-panic.it
define host {
    use                generic-lan-host
    host_name          fw-int
    alias              Internal firewalls' CARP address
    address            172.16.0.202
    notes              Virtual CARP address of the internal firewalls
    notes_url          http://www.kernel-panic.it/openbsd/carp/
    icon_image         fw.png
    icon_image_alt     [FW]
    statusmap_image    fw.gd2
}

# Configuration for host mickey.kernel-panic.it
define host {
    use                generic-lan-host
    host_name          mickey
    alias              Internal Firewall #1
    address            172.16.0.200
    notes              Internal firewall (first node of a two-nodes CARP cluster)
    notes_url          http://www.kernel-panic.it/openbsd/carp/
    icon_image         fw.png
    icon_image_alt     [FW]
    statusmap_image    fw.gd2
}

Listing 8. Displaying the hosts in groups in the CGIs 

/var/www/etc/nagios/hosts/hostgroups.cfg
# Domain Name Servers
define hostgroup {
    hostgroup_name    DNS
    alias             Domain Name Servers
    members           dns1,dns2,dns3,dns4
    notes             Our internal Domain Name Servers, running Bind 9.4.2-P2
}

# Firewalls
define hostgroup {
    hostgroup_name    firewalls
    alias             CARP Firewalls
    members           mickey,minnie,donald,daisy,fw-int,fw-ext
    notes             Our CARP-enabled firewalls (both virtual and physical addresses)
}

# Web servers
define hostgroup {
    hostgroup_name    WWW
    alias             Web Servers
    members           www1,www2
    notes             Our corporate web servers, running Apache 1.3
}


Listing 9. The definition of our service template 

/var/www/etc/nagios/generic-services.cfg
define service {
    # Template name
    name                            generic-service
    # Services are normally not volatile
    is_volatile                     0
    # Contact groups to notify about problems (or recoveries) with this service
    contact_groups                  Admins
    # Enable active checks
    active_checks_enabled           1
    # Time period during which active checks of this service can be made
    check_period                    always
    # Time interval (in minutes) between "regular" checks, i.e. checks that
    # occur when the service is in an OK state or when the service is in a non-OK
    # state, but has already been rechecked max_check_attempts number of times
    normal_check_interval           5
    # Time interval (in minutes) between non-regular checks
    retry_check_interval            1
    # Number of times that Nagios will repeat a check returning a non-OK state
    max_check_attempts              3
    # Enable service check parallelization for better performance
    parallelize_check               1
    # Enable passive checks
    passive_checks_enabled          1
    # Enable the event handler
    event_handler_enabled           1
    # Enable the processing of performance data
    process_perf_data               1
    # Enable retention of service status information across program restarts
    retain_status_information       1
    # Enable retention of service non-status information across program restarts
    retain_nonstatus_information    1
    # Enable notifications
    notifications_enabled           1
    # Time interval (in minutes) between consecutive notifications about the
    # service being still in a non-OK state
    notification_interval           120
    # Time period during which notifications about this service can be sent out
    notification_period             always
    # Service states for which notifications should be sent out (c=critical,
    # w=warning, u=unknown, r=recovery, f=flapping, n=none)
    notification_options            w,u,c,r
    register                        0
}

Listing 10. Proceeding to the definition of the actual services 

/var/www/etc/nagios/services/services.cfg
# Secure Shell service
define service {
    use                    generic-service
    service_description    SSH
    # Short name(s) of the host(s) that run this service. If a service runs on all
    # hosts, you may use the '*' wildcard character
    host_name              *
    check_command          check-ssh
    # This directive is a possible alternative to using the members directive in
    # service groups definitions
    servicegroups          ssh-services
    # Extended information
    notes                  Availability of the SSH daemon
    notes_url              http://www.openssh.org/
    icon_image             ssh.png
    icon_image_alt         [SSH]
}

# Web service
define service {
    use                    generic-service
    service_description    WWW
    host_name              www1,www2
    check_command          check-http!/index.html
    notes                  Availability of the corporate web sites
    notes_url              http://www.apache.org/
    icon_image             www.png
    icon_image_alt         [WWW]
}

define service {
    use                    generic-service
    service_description    WWW
    host_name              mail
    check_command          check-http!/webmail/index.html
    notes                  Availability of the web access to the mail server
    notes_url              http://www.squirrelmail.org/
    icon_image             www.png
    icon_image_alt         [WWW]
}


Listing 11. Services can be grouped together with the 
"servicegroup" directive 

/var/www/etc/nagios/services/servicegroups.cfg
define servicegroup {
    servicegroup_name    www-services
    alias                Web Services
    # The 'members' directive requires a comma-separated list of host and
    # service pairs, e.g. 'host1,service1,host2,service2,...'
    members              www1,WWW,www2,WWW,mail,WWW
}

define servicegroup {
    servicegroup_name    dns-services
    alias                Domain Name Service
    members              dns1,DNS,dns2,DNS,dns3,DNS,dns4,DNS
}

# The members of the following servicegroup are specified with the
# 'servicegroups' directive in the 'SSH' service definition
define servicegroup {
    servicegroup_name    ssh-services
    alias                Secure Shell Service
}

Now we can proceed to the definition of the actual 
services: see Listing 10. 

Just like hosts, services can be grouped together with 
the servicegroup directive: see Listing 11. 


Well, the bulk of the work is over now: the last step is 
configuring the web interface and then we will finally be 
able to set our Nagios server to work! 
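
Before loading a configuration like the one above, it helps to see which command line each service check will really produce once templates and macros are resolved. The following Python sketch is an added example, not part of the original article or of Nagios: it applies single-template 'use' inheritance and expands $USER1$, $HOSTADDRESS$ and $ARGn$ for a constructed sample (the 192.0.2.10 address and all function names are assumptions; the '*' host wildcard and multiple templates per 'use' are not handled).

```python
import re

# Constructed sample, modelled on the listings above; 192.0.2.10 is a documentation address.
SAMPLE_CFG = """
define command {
    command_name        check-http
    command_line        $USER1$/check_http -I $HOSTADDRESS$ -u $ARG1$
}
define host {
    name                generic-lan-host
    check_command       check-host-alive
    max_check_attempts  5
    register            0
}
define host {
    name                generic-dmz-host
    use                 generic-lan-host
    parents             fw-int
    register            0
}
define host {
    use                 generic-dmz-host
    host_name           mail
    address             192.0.2.10
}
define service {
    service_description WWW
    host_name           mail
    check_command       check-http!/webmail/index.html
}
"""


def parse_objects(text):
    """Return [(object_type, {directive: value})] for every 'define' block."""
    objects = []
    for kind, body in re.findall(r"define\s+(\w+)\s*\{(.*?)\}", text, re.S):
        attrs = {}
        for line in body.splitlines():
            line = line.split(";", 1)[0].strip()      # ';' starts an inline comment
            if line and not line.startswith("#"):
                key, *rest = line.split(None, 1)
                attrs[key] = rest[0] if rest else ""
        objects.append((kind, attrs))
    return objects


def resolve(kind, attrs, templates, seen=()):
    """Apply 'use' inheritance: local values win, 'register' is never inherited."""
    merged = {}
    parent = attrs.get("use")
    if parent:
        if parent in seen:
            raise ValueError("template loop: " + " -> ".join(seen + (parent,)))
        merged = resolve(kind, templates[(kind, parent)], templates, seen + (parent,))
        merged.pop("register", None)
        merged.pop("name", None)      # simplification: a template's own name stays with it
    merged.update(attrs)
    merged.pop("use", None)
    return merged


def expand(check_command, commands, macros):
    """Expand 'name!arg1!arg2' into (command line, [macros left unresolved])."""
    name, *args = check_command.split("!")
    values = dict(macros)
    values.update({f"ARG{i}": arg for i, arg in enumerate(args, 1)})
    missing = []

    def substitute(match):
        key = match.group(1)
        if key not in values:
            missing.append(key)
            return match.group(0)
        return values[key]

    return re.sub(r"\$([A-Z0-9_]+)\$", substitute, commands[name]), missing


def load(text):
    """Return (registered hosts by host_name, commands by name, registered services)."""
    objs = parse_objects(text)
    templates = {(k, a["name"]): a for k, a in objs if "name" in a}
    real = [(k, resolve(k, a, templates)) for k, a in objs if a.get("register", "1") != "0"]
    hosts = {a["host_name"]: a for k, a in real if k == "host"}
    commands = {a["command_name"]: a["command_line"] for k, a in real if k == "command"}
    return hosts, commands, [a for k, a in real if k == "service"]


def check_lines(text, user_macros):
    """Map (host, service) to the command line built for that check."""
    hosts, commands, services = load(text)
    out = {}
    for svc in services:
        for host_name in (h.strip() for h in svc["host_name"].split(",")):
            macros = dict(user_macros, HOSTNAME=host_name,
                          HOSTADDRESS=hosts[host_name]["address"])
            out[(host_name, svc["service_description"])] = expand(
                svc["check_command"], commands, macros)
    return out
```

A non-empty second element in a result means the service passes fewer arguments than its command expects, which is worth catching before the check ever runs.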


Listing 12. Reviewing how to create users in Apache 

/var/www/etc/nagios/cgi.cfg
# Path to the main configuration file (relative to the chroot)
main_config_file=/etc/nagios/nagios.cfg
# Path to the directory where the HTML files reside (relative to the chroot)
physical_html_path=/nagios
# Path portion of the URL used to access the web interface
url_html_path=/nagios

# Disable context-sensitive help
show_context_help=0

# Enable authentication for the CGIs
use_authentication=1
# Uncomment the following directive to set a default user for unauthenticated
# sessions (strongly discouraged)
#default_user_name=guest

# The 'authorized_for_*' directives allow to specify a comma-separated list of
# authenticated web users who can:
# - view system/process information in the extended information CGI:
authorized_for_system_information=nagiosadmin,operator
# - view configuration information in the configuration CGI:
authorized_for_configuration_information=nagiosadmin,operator
# - issue system/process commands via the command CGI:
authorized_for_system_commands=nagiosadmin
# - view status and configuration information for all services
authorized_for_all_services=nagiosadmin,operator
# - view status and configuration information for all hosts
authorized_for_all_hosts=nagiosadmin,operator
# - issue commands for all services via the command CGI:
authorized_for_all_service_commands=nagiosadmin
# - issue commands for all hosts via the command CGI:
authorized_for_all_host_commands=nagiosadmin

# Options for the Status Map and Status World CGIs
statusmap_background_image=smbackground.gd2
default_statusmap_layout=5
default_statuswrl_layout=4
statuswrl_include=myworld.wrl

# Command to use when attempting to ping a host from the WAP interface
ping_syntax=/sbin/ping -n -c 5 $HOSTADDRESS$

# Time interval (in seconds) between page refreshes
refresh_rate=90

# List of audio files to play in the browser in case of problems. These files
# are assumed to be in the /var/www/nagios/media/ directory
host_unreachable_sound=hostdown.wav
host_down_sound=hostdown.wav
service_critical_sound=critical.wav
service_warning_sound=warning.wav
service_unknown_sound=warning.wav
#normal_sound=noproblem.wav

# HTML and URL target options
action_url_target=_blank
notes_url_target=_blank
escape_html_tags=1

# Restrict users from changing the author name when submitting comments,
# acknowledgements and scheduled downtime from the web interface
lock_author_names=1

# Splunk integration options
enable_splunk_integration=0
#splunk_url=http://127.0.0.1:8000/

Listing 13. Apache configuration — 1 

# openssl genrsa -des3 -out server.3des-key 1024
Generating RSA private key, 1024 bit long modulus
......++++++
...++++++
e is 65537 (0x10001)
Enter pass phrase for server.3des-key: passphrase
Verifying - Enter pass phrase for server.3des-key: passphrase
# openssl rsa -in server.3des-key -out server.key
Enter pass phrase for server.3des-key: passphrase
writing RSA key
# openssl req -new -key server.key -x509 -out server.crt -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) []: IT
State or Province Name (full name) []: State
Locality Name (eg, city) []: Locality
Organization Name (eg, company) []: kernel-panic.it
Organizational Unit Name (eg, section) []: Information Technology
Common Name (eg, fully qualified host name) []: nagios.kernel-panic.it
Email Address []: nagios@kernel-panic.it
# chmod 600 server.key
# rm server.3des-key
# mv server.crt /etc/ssl/
# mv server.key /etc/ssl/private/


Listing 14. Apache configuration — 2 

/var/www/conf/httpd.conf
ScriptAlias /cgi-bin/nagios "/var/www/cgi-bin/nagios"
<Directory "/var/www/cgi-bin/nagios">
    SSLRequireSSL
    Options ExecCGI
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /users/nagios.passwd
    Require valid-user
    Order deny,allow
    Deny from all
    # Authorized clients
    Allow from 172.16.0.13
</Directory>

Alias /nagios "/var/www/nagios"
<Directory "/var/www/nagios">
    SSLRequireSSL
    Options None
    AllowOverride None
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /users/nagios.passwd
    Require valid-user
    Order deny,allow
    Deny from all
    # Authorized clients
    Allow from 172.16.0.13
</Directory>


Listing 15. The -v option 

# /usr/local/sbin/nagios -v /var/www/etc/nagios/nagios.cfg

Nagios 3.0.6
Copyright (c) 1999-2008 Ethan Galstad (http://www.nagios.org)
Last Modified: 12-01-2008
License: GPL

Reading configuration data...

Running pre-flight check on configuration data...

Total Warnings: 0
Total Errors:   0

Things look okay - No serious problems were detected during the pre-flight check
Setting up the web interface 

Nagios doesn't have a specific client application to access 
the monitoring information; instead, it relies on the Apache 
(http://httpd.apache.org/) web server to provide a very 
simple yet powerful web interface, accessible via any 
browser and allowing users to access current status 
information, browse historical logs, create reports and, if so 
configured, issue commands to the monitoring daemon. 


CGIs configuration 
Nagios' web interface relies on a series of CGI programs 
written in C. The CGIs read their configuration information 
from two files: the main configuration file and cgi.cfg, 
located, by default, in the /var/www/etc/nagios/ directory. 
Below is a sample configuration file; pay particular 
attention when setting the authorized_for_* directives, 
because they allow you to assign special privileges to 
authenticated users and are, therefore, highly security 
critical. In the next section, we will review how to create 
users in Apache (see Listing 12). 


Apache configuration 
The web interface holds particularly sensitive information 
about network and services and may even allow the 
execution of commands that directly affect the monitoring 
daemon. As a consequence, it is strongly recommended 
that you configure authentication for accessing the CGIs. 
User authentication files are managed with the htpasswd(1) 
(http://www.openbsd.org/cgi-bin/man.cgi?query=htpasswd&sektion=1) 
utility. Note that the first time you run this command, 
you must supply the -c option to create the password file: 


# htpasswd -c /var/www/users/nagios.passwd nagiosadmin
New password: password
Re-type new password: password
Adding password for user nagiosadmin
# htpasswd /var/www/users/nagios.passwd danix@work
New password: password
Re-type new password: password
Adding password for user danix@work
#


An authenticated user whose username matches the short 
name of a contact definition is called an authenticated 
contact and is automatically granted access to information 
and commands for those hosts and services for which 
he is a contact (please refer to the documentation 
(http://nagios.sourceforge.net/docs/3_0/cgiauth.html) for further 
details about authentication in the CGIs). 
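
Because the authorized_for_* directives and the authenticated-contact rule both grant rights by user name, it is worth cross-checking cgi.cfg against the password file and the contact names. The following Python sketch is an added example, not part of the original article or of Nagios; the inputs are constructed from Listing 12, the htpasswd session and Listing 4, the finding labels are made up for this example, and it assumes that '*' in an authorized_for_* directive means any authenticated user, as in Nagios 3.

```python
# Constructed inputs: the directives mirror Listing 12, the password file mirrors
# the two htpasswd calls above (hash values are placeholders), and the contact
# names are the contact_name values from Listing 4.
SAMPLE_CGI_CFG = """
use_authentication=1
#default_user_name=guest
authorized_for_system_information=nagiosadmin,operator
authorized_for_configuration_information=nagiosadmin,operator
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=nagiosadmin,operator
authorized_for_all_hosts=nagiosadmin,operator
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin
"""
SAMPLE_HTPASSWD = "nagiosadmin:placeholder-hash\ndanix@work:placeholder-hash\n"
SAMPLE_CONTACTS = {"john", "danix@work", "danix@home"}


def parse_cgi_cfg(text):
    """Parse 'key=value' lines, skipping blank lines and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def htpasswd_users(text):
    """User names are the part of each htpasswd line before the first ':'."""
    return {line.split(":", 1)[0] for line in text.splitlines() if ":" in line}


def audit(cgi_text, htpasswd_text, contact_names):
    """Return findings, users allowed to issue commands, and authenticated contacts."""
    cfg = parse_cgi_cfg(cgi_text)
    users = htpasswd_users(htpasswd_text)
    findings = set()
    command_users = set()

    # Authentication must be switched on explicitly, with no fallback identity.
    if cfg.get("use_authentication") != "1":
        findings.add(("auth-not-enabled", "use_authentication"))
    if cfg.get("default_user_name"):
        findings.add(("default-user", cfg["default_user_name"]))

    for key, value in cfg.items():
        if not key.startswith("authorized_for_"):
            continue
        names = {n.strip() for n in value.split(",") if n.strip()}
        if key.endswith("_commands"):
            command_users |= names          # these users can act on the daemon
        for name in names:
            if name == "*":
                findings.add(("wildcard-grant", key))
            elif name not in users:
                # Rights are already reserved for a name nobody owns yet.
                findings.add(("no-htpasswd-entry", name))

    return {
        "findings": sorted(findings),
        "command_users": command_users,
        # htpasswd users whose name matches a contact get that contact's access.
        "authenticated_contacts": users & set(contact_names),
    }
```

On the constructed sample the only finding is that operator is authorized in cgi.cfg but has no password entry yet, so whoever is later given that user name inherits its rights.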

Well, now that we have Apache requiring users to 
authenticate, we should also configure SSL to avoid 
sending passwords in clear text. Below are the openssl(1) 
(http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1) 
commands to create a self-signed certificate 
(a more detailed discussion about certificate management 
can be found here: http://www.modssl.org/docs/2.8/ssl_faq.html; 
see Listing 13). 

The last step is configuring Apache to actually require 
authentication and encryption to access the Nagios 
interface by adding the following lines to the /var/www/ 
conf/httpd.conf configuration file: see Listing 14. 


Running Nagios 
Well, it looks like we're done with the configuration for 
now! Then we can make Nagios evaluate our hard work 
by invoking it with the -v option: see Listing 15. 

If no errors were detected, then the long-awaited moment 
has arrived: we are ready to start Nagios! Though not 
before having created the directory for the lock file (Note: if 
you haven't rebooted since installing the Nagios packages, 
the /var/run/nagios/ directory should already exist). 


# apachectl startssl 
/usr/sbin/apachectl startssl: httpd started 
# install -d -o nagios /var/run/nagios 


# /usr/local/sbin/nagios -d /var/www/etc/nagios/nagios.cfg 


You can check if everything is working fine by connecting 
to the web interface (https://your.server.here/nagios/) 
or taking a look at the logs (/var/www/var/log/nagios/nagios.log). 
To finish up, we have to configure the system 
to start both Apache and Nagios at boot time, by setting 
the httpd_flags variable in the /etc/rc.conf.local file: 


/etc/rc.conf.local
httpd_flags="-DSSL"


and by adding the following lines to the /etc/rc.local file: 


/etc/rc.local
if [ -x /usr/local/sbin/nagios ]; then
    install -d -o nagios /var/run/nagios
    echo -n ' nagios'
    /usr/local/sbin/nagios -d /var/www/etc/nagios/nagios.cfg
fi


In the next chapter we will take a look at how to extend 
Nagios with some of its most popular addons. 


DANIELE MAZZOCCHIO 


Latest version: http://www.kernel-panic.it/openbsd/nagios/ 
Replacing Microsoft Exchange Server

Step one: Installing Horde Groupware

Installing a set of open-source programs in place of Microsoft Exchange Server without losing functionality. In this step the groupware part is replaced with Horde Groupware.


What you will learn...
* how to install and configure Horde
* changing tabs settings


Program without any analogue 

For years this is exactly the name Microsoft Exchange has carried on various Internet forums, among its supporters and its opponents alike. Querying any search engine for the exact phrase "exchange replacing" usually returned at least 500 links. Unfortunately, most of these links offered the same advice: replace it either with Communigate Pro [1] (a good program, but not open source) or with Zimbra [2] (which is so tightly bound to Linux that the guide for building Zimbra on FreeBSD reads like some terrible wizardry) [3]. You can also find other programs at various stages of usability, and self-made utilities. Among them are eGroupware [4], moreGroupware [5] and Horde Groupware Webmail Edition [6]. But at the bottom of the guide for any of these tools you will find a remark along the lines of "We are sorry, but with our tool you cannot do this task, and with that tool you cannot do that one..." Here I will give a short list of Exchange components and explain why both its supporters and its opponents call it "a program without any analogue":


* SMTP server, whose task is to exchange mail with external servers

* POP3/IMAP/MAPI server, whose task is to exchange mail with internal users

* Groupware server, which handles collaboration tasks (calendar, tasks, notes) as well as Microsoft Outlook synchronization

* Web server, which allows access to an Exchange mailbox from a standard browser, called OWA (Outlook Web Access)

* Active Directory (AD) integration, which allows data about mail users and contacts to be taken directly from AD

What you should know...
* have an idea of Microsoft Exchange


It is not surprising that, at a time when counterfeit software was widespread, Microsoft Exchange became so popular: one program handles all (or nearly all) communication tasks. Replacing Exchange requires at least 5 separate components to implement all of its functions, so we will replace it in stages. In step one, OWA and the groupware server will be replaced with open-source software; in step two, the mail server will be replaced with the open-source projects sendmail (for outgoing mail) and dovecot (for incoming mail, POP3, IMAP and access to shared folders).

As a replacement for OWA and the groupware server I tried the above-mentioned eGroupware, moreGroupware and Horde Application Framework, and selected Horde. Even though eGroupware seems to be a promising project, thanks to its simpler installation for an ordinary user without any programming skills, Horde looks more logical and better implemented, which makes it easier to understand. That allows a skilled user to adapt it to their requirements in a fairly short time. Configuration management also influenced the choice of Horde: every Horde config is handled in the typical UNIX way, by editing a text file. All of the parameters are transparent, but they carry only a small number of comments.

Horde Groupware Webmail Edition (the groupware part of the Horde Application Framework) takes over three Exchange tasks: the groupware server (managing calendars, tasks and notes), access to mailboxes through a browser, and contacts with Active Directory integration.

But, as usual, the main reason will be price. And sometimes not only price...


Nokia with colorful display 

To be honest from the beginning: the first task wasn't about replacing Exchange. The first task was simply to give access to corporate mail from a "mobile box" (as Nokia proudly called it), the Nokia N97. We also had a Nokia N95 8G smartphone and a cheap communicator, the Mitac MIO DigiWalker with Windows Mobile 5.x.

The variant offered by Nokia (mobile VPN + Mail for Exchange) was declined because it had no PPTP support, had a very complex setup, and required a lot of time to be spent testing different ways of using the program. This variant also required a hardware gateway, which not every user was in a position to buy.

The only remaining variant was to expose OWA, running on the internal Exchange server, to the outside through a non-standard port and to harden it with SSL. Nobody expected that this small task would break Exchange.

I will skip the NAT setup details. Suffice it to say that OWA ran on port 11222 as expected, and on the communicator's screen we could see the contents of the mailbox after the required prompt for username and password.

Happy and complacent, we typed the same address on the Nokia N97. And for a long time we stared at the line "Internet: cannot connect to protected channel" in complete bewilderment: what "protected connection"? https was not specified and SSL was not set up on the server side!

After reproducing this error on the Nokia N95 with a similar message, we installed a trial version of Opera Mini. Opera was more communicative, and at that moment it struck us: the authorization dialogue! The browser cannot display the authorization dialogue, because OWA does not authenticate with a form but with system procedures!

The final blow to the task of providing access through OWA was a phone call to Nokia technical support. Nokia support talked about Mail for Exchange, about OWA, and about the fact that we could not access OWA: for Nokia the best choice is Mail for Exchange :-) The circle was closed. I do not want to discuss the relations between Nokia and Microsoft, but we and our task were on one side of the circle, and OWA was on the other.


Welcome to Portal! 

So Nokia did not show itself from its best side. We sighed for a while and started working with Horde, once the task had been changed to "allow access to corporate mail in some way". And when we say "corporate mail", we should also say "calendar, tasks and notes". So using open-source groupware projects was a very natural way to go.

I will not describe in detail the testing of the groupware projects I tried. I can only say that eGroupware has some potential, and it will be realized when the eGroupware distributors understand that a groupware contact list (especially when authorization goes through Active Directory) is usually kept in Active Directory. For now I have not found in eGroupware any way to specify where mail addresses should be taken from and how to use them; there is only its own address book. MoreGroupware has a similar flaw, and also a rather primitive interface. That is why I chose the Horde Application Project.

Overall, Horde contains a great many modules that we do not need: a photo album manager, a bug tracker, a file manager, a bookmarks manager... I did not need all of these functions, so I searched for Horde in ports. And, of course, I found it. A rather unpleasant surprise was that the port is called horde-meta, not simply horde like similar ports such as kde, xorg ...


# cd /usr/ports/www/horde-meta 


# make 


Like any other good port, it has a configuration screen where we can switch modules on or off (see Figure 1).


Figure 1. Configuration screen of horde-meta port
We need only some of the modules. Some of the others would, of course, be useful, but we need only:

* IMP — mail management module. Manages access to mailboxes over the IMAP/POP3 protocols.

* MIMP — mobile version of IMP, optimized for phones and communicators. Gives access only to the mailbox (so when your browser is recognized as mobile, you cannot access the contact list, calendar and tasks; but mobile devices usually have their own)

* Ingo — mail filtering and spam protection module

* Kronolith — calendar/scheduler module

* Turba — address book module

* Nag — task management module

* Mnemo — notes management module


I should note that Horde has a synchronization server for mobile devices (smartphones, communicators) and for Microsoft Outlook, using SyncML version 1.1 or 1.2.

I was a little disappointed that documentation of good (or at least moderate) quality is missing, both in Russian and in English. There is only the wiki at [7], where a rather unsuccessful attempt was made to pull together everything about setting up Horde. Of course, the conf.php files have plenty of comments, some variables are self-explanatory, some things are evident, and about some other things I could read on the mailing lists... But, as usual, for a successful installation of the portal you should be a programmer, preferably a PHP one.

Listing 1. Making virtual host

Listen 18511
# The address part of the next line is illegible in the scanned listing;
# *:18511 is assumed from the Listen directive above.
<VirtualHost *:18511>
    ServerName horde.shelton.net
    ServerAdmin webmaster@shelton.net
    DocumentRoot "/usr/local/www/vhosts/horde/"
    ErrorLog "/usr/local/www/log/horde/httpd"
    CustomLog "/usr/local/www/log/horde/access" common
    <IfModule php5_module>
        AddType application/x-httpd-php .php
        AddType application/x-httpd-php-source .phps
    </IfModule>
    Include etc/apache22/extra/httpd-languages.conf
    <IfModule mime_module>
        AddType application/x-tar .tgz
        AddEncoding x-compress .Z
        AddEncoding x-gzip .gz .tgz
        AddHandler cgi-script .cgi
    </IfModule>
    <Directory "/usr/local/www/vhosts/horde">
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

Well, let's get started.

Horde has only a couple of global requirements: a web server and a database. We will use MySQL, but PostgreSQL can also be used, as well as 5 other databases, even Microsoft SQL. For more information about supported databases see scripts/README. PHP is also required, with all required submodules. This "all required" holds a small surprise: it includes OpenLDAP, mbstring and many, many other programs. A more detailed list can be found in the docs/INSTALL file in the port's directory.

Before installing Horde itself, the port installs an extremely large pile of additional PEAR modules. It installs these modules, and installs, and installs, and cannot finish... Even after this, you have no guarantee that the installation checker will not find a missing module.

We set our portal up on port 18511 (Why? 18511 -> 0x484F -> "HO" as a literal). The test address of our portal will be http://horde.shelton.net

The installation will finish without any error: we did not do anything that could cause one. Everything is installed in the directory /usr/local/www/horde. I strongly recommend that you do not touch the contents of this directory, but copy it to another place as needed. You can delete it when you have finished your setup. I made a virtual host this way: see Listing 1.

All file paths will be given relative to the DocumentRoot specified above.

Because the portal as a whole, and each of its modules, is set up by simply editing conf.php configuration files, there is no protection against an inconsistent setup (when you set something up in one place but forget to set it up in a second place). During setup I had to reset my conf.php to intermediate copies at least ten times.

Start the installation. It is driven by its own script (see Figure 2).

All menu items are described fully enough. Warning: do not use the MySQL (mysqli) driver. I do not know why, but using it makes the portal hang immediately after starting: the portal tries to load the login window and cannot finish loading. Use the ordinary mysql driver.

Specify the database settings, then create the tables and the user used to connect to the database. I will explain only item 3, Configure administrator settings. Old versions of Horde used automatic login as Administrator for the first login to the portal. After 3.3.4 this was changed to authorization by the mail server: docs/INSTALL recommends editing the file imp/config/servers.php to specify the address of your mail server if it is not installed on the same box as the portal. This menu item lets you set up the logins that will have Administrator rights at the start.

08/2010

I do not know why they made this change: after a clean install it is more comfortable to be logged in automatically as Administrator and to switch to the real authorization method once all setup tasks are finished. Bear in mind that while the auto driver is active, anyone who can reach the portal is logged in as Administrator without a password, so keep the portal reachable only from a trusted network until then. To revert to the first-time authorization method, edit config/conf.php (the main Horde configuration file) like this:


$conf['auth']['admins'] = array('Administrator');
$conf['auth']['driver'] = 'auto';
$conf['auth']['params'] = array('username' => 'Administrator');


The console work is finished. You will probably need the console again only to install a missing module.

Before starting the setup, you should check that all required modules are present. Do this by visiting http://horde.shelton.net:18511/test.php in a browser and carefully reading all of the text. Any message coloured yellow is a warning: read it, correct the ones that pertain to our operating system and ignore the others (e.g. if we are using MySQL, you can ignore the warning about missing PostgreSQL). Any message coloured red is an error. You must correct all of them; if any errors remain, the portal cannot run correctly. Usually, errors are missing required components or serious mistakes in the PHP settings.

After correcting all errors and the relevant warnings, visit http://horde.shelton.net:18511 (see Figure 3).

We will be automatically logged in as "Administrator". The mailbox is not available yet: for the mailbox to work, the user must exist on the mail server. The mail server is still Exchange. But for now we are not interested in mail; we need only the system preferences.

Horde Groupware Webmail Edition Configuration Menu
(0) Exit
(1) Configure database settings
(2) Create database or tables
(3) Configure administrator settings
(4) Update from an older Horde Groupware Webmail Edition version

Type your choice: 1

What database backend should we use? [false]
(false) [None]
(dbase) dBase
(ibase) Firebird/InterBase
(fbsql) Frontbase
(ifx) Informix
(msql) mSQL
(mssql) MS SQL Server
(mysql) MySQL
(mysqli) MySQL (mysqli)
(oci8) Oracle
(odbc) ODBC
(pgsql) PostgreSQL
(sqlite) SQLite
(sybase) Sybase

Type your choice:

Figure 2. Horde Groupware Webmail Edition configuration screen

Expand the "Administration" item and select "Setup". This is the main place for setting Horde parameters. Now, when only a few required parameters are set, next to almost all of the other items we see the line "missing configuration". It means that the conf.php files for these modules have not been created yet. But first we will set up the portal itself.

Start with the horde module. We see a screen with a huge number of settings tabs, and you may ask: do I really need to visit each tab? Of course not, only 2/3 of them (see Figure 4) :-)

The tabs are arranged roughly in order of importance. Skip only the "Authentication" tab and visit it last: as soon as you change the authorization method to anything other than "auto", you will immediately see the login screen. But setting up Horde takes time, and if you have finished your configuration only partly, at the next login you may see nothing but a frame with 4 error messages. Then you have to clear this setup, restore the initial configs and set everything up again... So after each successfully completed tab I recommend saving the config to a separate file. Some of the parameters are described below. If a tab is missing from the description, it does not need to be changed.

Tab General
The various common parameters are set here.

* [tmpdir] — the path for temporary files, in case the default does not suit you

* [server][port] — you must specify the port number here if Horde is installed on a custom port

* [cookie][path] — this setting must correspond to the path where Horde is installed. If Horde is installed at the root of the VirtualHost, it must be /


Figure 3. Main portal screen
Tab Database

The parameters on this tab depend on the selected database. For MySQL they are the usual ones: database name, user name, user password, and the address and port of the database server. Beware! If you use MySQL, select mysql, not MySQL (mysqli)!


Tab Logging
Helps you when you need to debug.

* [log][enabled] — switches debug logging on or off

* [log][priority] — specifies the level of detail, from panic errors up to debug messages

* [log][type] — specifies the type of debug logging. There is a huge pile of variants, from a database to a window on screen. I usually prefer an ordinary file on disk.

The other settings are understandable and commented, perhaps not fully, but sufficiently.


Tab Preference System

Here are the parameters of the system that keeps the personal settings of each Horde user. If you do not change anything, settings will not be saved; they will be used for one session only. So there is one parameter here that you need to change: [prefs][driver]. By default it is set to "PHP Session"; you must change it to "SQL Database" (or another one from the list).

Tab Alarm System

[alarms][driver] — you must set how alarm messages are kept. There are only 2 variants: do not keep them, or keep them in the database.

Tab DataTree System

DataTree is a tree-like structure used by the portal itself to keep data instead of a database; that is, I do not know where it is used, but it exists, so it is probably needed for some tasks. The [database][driver] parameter specifies where this data will be kept. In fact, the list has only the variants "yes" and "no", so you can only keep this data or not.

Tab Groups

[group][driver] — specifies where the groups created inside the portal are kept. These are purely internal groups, created in Administration>Groups.

Tab Permissions
[perms][driver] — specifies where data about the permissions created inside the portal through Administration>Permissions is kept. The minimal rights required to run the portal will be described in the next part of the article.
Tab Shares

The parameters for user objects are set here. Portal users can grant access to some of their objects (calendars, tasks), and these parameters define how that is stored.

* [share][any_group] — when it is set, a user can grant access to any other user; when it is not set, only to users from their own group

* [share][driver] — specifies the driver for keeping share resources data

Tab Lock System
[lock][driver] — specifies the use of object locking

Tab Mailer

Specifies the parameters for sending mail. The set of parameters differs between using sendmail and using another server. For another server you should specify [mailer][params][host] and [mailer][params][localhost] (the domain name used for generating the address); for sendmail, [mailer][params][sendmail_path].

Tab Virtual File Storage
Customizes the virtual file store. It is used only if you go on to install Gollem, a file manager.

* [vfs][type] — sets the VFS driver. In the simplest case, keep files in the file system

* [vfs][params][vfsroot] — sets the path to the root of the VFS, when storing in the file system


Tab HTTP Proxy 
Specifies a set of fairly obvious settings to access the 
Internet if you are using a proxy server. 
Figure 4. Portal settings

Tab MIME Detection

The only setting specifies the path to the MIME magic database. For FreeBSD, this is usually under /usr/share/ [remainder of the path illegible].

We save the configuration of the portal. Yes, we have not visited the Authentication tab yet. Not so fast. If you enable authentication without having created the configuration of the modules, there is a risk that immediately after the restart you will see two windows with PHP error messages instead of the portal, since Horde does not check the created configuration at all.
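Since Horde does not validate conf.php, a small offline check can catch the misconfigurations this article warns about before the portal is restarted. The following Python script is an added example, not part of the original article or of Horde; the key name $conf['sql']['phptype'] and the stored values 'session', 'sql', 'ldap' and '3' are assumptions about how the setup screens write their choices, and both sample files are constructed.

```python
import re

# One scalar assignment as written in Horde's config/conf.php, for example:
#   $conf['auth']['driver'] = 'auto';
ASSIGN = re.compile(r"^\s*\$conf((?:\['[^']+'\])+)\s*=\s*(.+?);\s*$")


def parse_conf(text):
    """Map key paths such as ('auth', 'driver') to their assigned values."""
    settings = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue
        path = tuple(re.findall(r"\['([^']+)'\]", m.group(1)))
        value = m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]          # drop the PHP string quotes
        settings[path] = value
    return settings


def audit(settings):
    """Return (code, message) findings for the pitfalls the article names."""
    findings = []
    # Assumed key name for the database backend chosen in the setup menu.
    if settings.get(('sql', 'phptype')) == 'mysqli':
        findings.append(('DB_MYSQLI',
                         'database driver is mysqli; the article reports a '
                         'hang at the login window, use mysql'))
    # Assumed stored value for the "PHP Session" choice on the prefs tab.
    if settings.get(('prefs', 'driver'), 'session') == 'session':
        findings.append(('PREFS_SESSION',
                         'preferences are kept per session only and are lost '
                         'at logout; switch to the SQL driver'))
    driver = settings.get(('auth', 'driver'))
    if driver == 'auto':
        findings.append(('AUTH_AUTO',
                         'auto login: every visitor is Administrator without '
                         'a password; acceptable only during initial setup'))
    elif driver == 'ldap':
        if settings.get(('auth', 'params', 'version')) != '3':
            findings.append(('LDAP_VERSION',
                             'LDAP protocol version must be 3'))
        if not settings.get(('auth', 'params', 'binddn')):
            findings.append(('LDAP_ANON_BIND',
                             'no binddn set; Windows 2003 refuses anonymous '
                             'connections'))
    return findings


# Constructed sample: state of conf.php during the setup phase.
SAMPLE_SETUP_PHASE = """<?php
$conf['sql']['phptype'] = 'mysqli';
$conf['prefs']['driver'] = 'session';
$conf['auth']['admins'] = array('Administrator');
$conf['auth']['driver'] = 'auto';
$conf['auth']['params'] = array('username' => 'Administrator');
"""

# Constructed sample: state of conf.php after the Authentication tab is done.
SAMPLE_FINAL = """<?php
$conf['sql']['phptype'] = 'mysql';
$conf['prefs']['driver'] = 'sql';
$conf['auth']['driver'] = 'ldap';
$conf['auth']['params']['version'] = '3';
$conf['auth']['params']['binddn'] = 'cn=ldapread,OU=Other Users,DC=shelton,DC=net';
"""

if __name__ == '__main__':
    for name, sample in (('setup phase', SAMPLE_SETUP_PHASE),
                         ('final', SAMPLE_FINAL)):
        print(name)
        for code, message in audit(parse_conf(sample)) or [('OK', 'no findings')]:
            print('  %-14s %s' % (code, message))
```

Run it against each intermediate copy of conf.php you save while working through the tabs.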

Go to each of the modules in turn and simply press Save. There is no need to change anything, although there are settings there (one tab per module), except for IMP, where on the first tab you can optionally configure the paths to the aspell and gpg programs.

Save the latest changes to the configuration, make a backup copy of config/conf.php and set up authorization. Authorization in Horde can be configured in many ways, but we are interested in only one, authorization against an Active Directory server, so I will describe only this set of parameters.


Tab Authentication

* [auth][admins] — specifies a comma-separated list of accounts that will have administrative rights. These accounts must exist in Active Directory

* [auth][driver] — sets the authentication mechanism. To use Active Directory, choose "LDAP authentication"

* [auth][params][hostspec] — specifies the address of the authentication server

* [auth][params][basedn] — sets the server's root DN, which usually corresponds to its domain name. For example, for the domain shelton.net it will be dc=shelton,dc=net

* [auth][params][binddn] — specifies the user name with which you will connect to the LDAP server. Since Windows 2003 does not support anonymous connections, you must have some user who cannot use any resources, and connect on his behalf. The parameter takes the complete name, starting with the cn. For example, for the user ldapread, located in the OU Other Users, the value will be cn=ldapread,OU=Other Users,DC=shelton,DC=net

* [auth][params][password] — sets the password of the user used to connect to LDAP

* [auth][params][version] — check that it is LDAP v3, otherwise it will not work

* [auth][params][scope] — specifies the search area; Subtree search must be given

* [auth][params][ad] — specifies that the server that performs authentication is an Active Directory server

* [auth][params][uid] — specifies the name of the attribute containing the user ID. In this field you must specify samaccountname

* [auth][params][encryption] — specifies the type of password encryption used in its verification. Specify plain or msad

* [auth][params][filter_type] — specifies the type of filter used for selecting accounts for verification of authorization. Select "A complete LDAP filter expression"

* [auth][params][filter] — sets the filter itself for selecting accounts for verification of authorization. The filter is needed to speed up authorization by leaving out group accounts, system objects, etc. A simple filter looks like this: (&(sAMAccountName=*)(mail=*)), which means: select all objects that have the sAMAccountName and mail fields defined.

Conclusion

Well, the portal is installed and is already able to check your account and password against the Active Directory server. But that is only a small part of the work; the main things (access to email and the global address book, sync with Outlook) are still waiting for us ahead.

References and Further Reading

[1] http://www.communigate.com — The home of Communigate Pro
[2] http://www.zimbra.com — The home of Zimbra Collaboration Suite
[3] http://pcbsd.org/~dwhite/zimbra/ — An article about how to build Zimbra on FreeBSD
[4] http://www.egroupware.ru/ — The home of eGroupware
[5] http://www.moregroupware.de/ — The home of moreGroupware
[6] http://www.horde.org/ — Site of the Horde Applications Framework
[7] http://wiki.horde.org/ — Wiki on the Horde Applications Framework
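The account filter described under Tab Authentication decides which directory objects can log in at all, so it is worth testing against representative entries before relying on it. This added Python example (not from the article or from Horde) evaluates the article's filter and a tighter variant over a few constructed entries, and builds a per-login filter with RFC 4515 escaping; the directory entries, the tighter filter and the way the login name is combined with the account filter are assumptions for illustration.

```python
import re


def escape_filter_value(value):
    """Escape user input for use as a value in an LDAP filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def _unescape(value):
    return re.sub(r'\\([0-9a-fA-F]{2})',
                  lambda m: chr(int(m.group(1), 16)), value)


def _parse(text, i):
    """Parse one parenthesised filter at text[i]; return (node, next index)."""
    if text[i] != '(':
        raise ValueError('expected "(" at offset %d' % i)
    i += 1
    if text[i] in '&|!':
        op, kids = text[i], []
        i += 1
        while text[i] == '(':
            kid, i = _parse(text, i)
            kids.append(kid)
        if text[i] != ')' or not kids:
            raise ValueError('malformed %s group at offset %d' % (op, i))
        return (op, kids), i + 1
    end = text.index(')', i)      # a literal ")" inside a value is written \29
    attr, eq, value = text[i:end].partition('=')
    if not eq or not attr.strip():
        raise ValueError('expected attr=value at offset %d' % i)
    return ('=', attr.strip().lower(), value.strip()), end + 1


def parse_filter(text):
    text = text.strip()
    try:
        node, end = _parse(text, 0)
    except IndexError:
        raise ValueError('unbalanced parentheses')
    if end != len(text):
        raise ValueError('trailing data after filter')
    return node


def matches(node, entry):
    if node[0] == '&':
        return all(matches(k, entry) for k in node[1])
    if node[0] == '|':
        return any(matches(k, entry) for k in node[1])
    if node[0] == '!':
        return not matches(node[1][0], entry)
    _, attr, value = node
    have = entry.get(attr, [])
    if value == '*':              # presence test, as in (mail=*)
        return bool(have)
    want = _unescape(value).lower()
    return any(v.lower() == want for v in have)


def select(filter_text, directory):
    """Return the sAMAccountName of every entry the filter selects."""
    tree = parse_filter(filter_text)
    return [e['samaccountname'][0] for e in directory if matches(tree, e)]


def login_filter(login, account_filter, uid_attr='sAMAccountName'):
    """Assumed composition: uid attribute test AND the configured filter."""
    return '(&(%s=%s)%s)' % (uid_attr, escape_filter_value(login),
                             account_filter)


# Constructed, simplified entries (real AD stores objectCategory as a DN).
USER = ['top', 'person', 'organizationalPerson', 'user']
DIRECTORY = [
    {'samaccountname': ['jsmith'], 'mail': ['jsmith@shelton.net'],
     'objectclass': USER, 'objectcategory': ['person']},
    {'samaccountname': ['ldapread'],
     'objectclass': USER, 'objectcategory': ['person']},
    {'samaccountname': ['sales'], 'mail': ['sales@shelton.net'],
     'objectclass': ['top', 'group'], 'objectcategory': ['group']},
    {'samaccountname': ['WS042$'],
     'objectclass': USER + ['computer'], 'objectcategory': ['computer']},
]

PAGE_FILTER = '(&(sAMAccountName=*)(mail=*))'          # from the article
TIGHT_FILTER = ('(&(objectCategory=person)(objectClass=user)'
                '(sAMAccountName=*)(mail=*))')        # assumed tighter variant

if __name__ == '__main__':
    print(select(PAGE_FILTER, DIRECTORY))    # also selects the mail-enabled group
    print(select(TIGHT_FILTER, DIRECTORY))   # user accounts with a mailbox only
    print(login_filter('jsmith', TIGHT_FILTER))
```

The article's filter already drops the bind account and the workstation, which have no mail attribute, but a mail-enabled group still passes it; adding the object class and category tests leaves only user accounts.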
Maintenance Systems

In previous articles I talked about how to run applications widely used in industry that can be supported by BSD, apart from classical IT services.

A clear example of this is SAP Suite. SAP covers all possible asset management to control the costs related to production and also maintenance, but with today's tight investment budgets, plants must run 24/7 with the maximum possible reliability and productivity. To achieve this goal, several technologies have arisen that support maintenance activities, as can be seen in Figure 1.

All of these technologies are supported by software applications, but in most cases these run under Windows, because it is (up to now) the standard or at least the most widely used. In order not to lengthen the article, and because that is not its intent, I will detail only one example of these programs and its features.

My example will be an on-line machine condition monitoring system. This system was developed by SPM Instrument AB and is a preferred choice for this kind of system for many reasons, the most important being its flexibility.

The CMS System is a modular, software controlled on- 
line machine condition monitoring system with automatic 
data evaluation. It is applied by leading industries all over 
the world for early fault detection, to avoid production 
losses through unplanned downtime, and to reduce the 
overall costs for maintenance. 

The CMS System contains four types of measuring 
units, each with a specific task. This allows you to select 
the most cost-effective installation that meets your 
technical requirements: 
Shock pulse measurement on rolling bearings supplies data on bearing damage, lubrication condition and the effects of alignment and load. In many applications, the bearings are the only machine elements which need monitoring.

Vibration severity measurement is the ISO recommended method for general condition monitoring. It detects the most common mechanical faults, such as unbalance, structural weakness and loose parts.

Analog signal monitoring is used to correlate data on flow, effect, pressure, temperature, etc., input as analog voltage or current signals, with the shock pulse and vibration measurements.

Vibration monitoring with spectrum analysis allows you to target specific fault symptoms and get a machine specific condition evaluation.

Figure 1. Technologies that support maintenance activities: Physical Asset Management, Reliability-Centered Maintenance, Reliability Performance Metrics, Predictive Maintenance and Condition Monitoring Management, CMS and EAM, Total Productive Maintenance (Asset Care), Root Cause Analysis, PM Optimization, Lean Maintenance, Planning and Scheduling, MRO - Spares Management, Shutdowns and Turnarounds, Alignment and Balancing, Infrared Thermal Imaging, Lubrication, Oil and Fluid Analysis, Power System and Motor Testing, Ultrasonics, Vibration Analysis, Maintenance Management.

The core of the CMS System is the SPM software, 
Condmaster®Nova. This fifth generation program 
receives the measuring results from all SPM condition 
monitoring devices for evaluation and presentation. 

Based on extensive empirical data, international 
standards and machine statistics, the evaluation result is 
an easy to understand colour code, highlighting potential 
trouble spots. By calibrating and adjusting limit values, 
you can tune the automatic evaluation process with great 
precision and get an immediate, reliable diagnosis. 

A CMS System can contain up to 240 measuring units for bearing condition and vibration severity. They are supplied with 230 or 115 Vac and connected in series via the data cables in one or two LAN networks. A system unit with alarm relay links the measuring units with a PC. Up to 9 such systems can be handled by the software Condmaster®Nova.

Figure 2.

Your main tool for fast fault detection is the alarm location panel which shows the trouble spots. Import your own picture for perfect overview. Click on a point to get the details: development curves, trends, result lists, comments and more.

The alarm list is generated on the basis of automatically applied evaluation rules which can be modified by customer defined limit values. You can also program alarm delay conditions, log all alarm messages on a printer, and connect any or all measuring channels to the main alarm relay.

An Evam® spectrum highlights the selected fault symptoms and states their velocity value in relation to overall machine vibration.

For remote monitoring, use a connection via modem. 
Up to one week measuring results are stored in the units, 
to be recalled at suitable intervals. 

All settings are made from the PC. Measuring interval 
and sequence are set individually for each unit, alarm 
limits and relay connection for each channel. 

BMS units for bearing monitoring measure shock pulses on 16 channels. The signal is picked up by shock pulse transducers, installed on the bearing housings and connected with coaxial cables.

VMS units for vibration severity monitor the RMS value of vibration velocity on 8 channels. They have 4 relays to steer external alarm devices. Four control channels enable vibration measurement, e.g. to avoid measuring at critical speeds.

An AMS board with 16 channels can be installed in each BMS or VMS unit, to monitor voltage or current lines carrying analog data on any customer defined quantity. Each unit can also be equipped with an RPM board with four channels.

Vibration analysis with EVAM®: VCM-20 units are measuring computers for vibration analysis in frequency ranges up to 20 000 Hz. A unit has 8 or 24 vibration channels and 8 rpm channels, allowing synchronous and asynchronous measurement. VCM-20 units are connected via PC network. Measuring results are analysed and stored locally in the VCM unit. The channel configuration and the measuring assignments are set up in Condmaster®Nova.

Measuring units have stainless steel housings and 
sealed cable connections. The transducer lines are 
monitored for transmission quality and electric faults. 
Transducers, cables, connectors and other installation 
equipment are high quality products, designed for harsh 
industrial environments. 

Condmaster®Nova is SPM’s universal condition monitoring program, used for hand-held data loggers as well as on-line systems. It operates under several Windows versions and uses SQL Server as a database handler.

Purely administrative data is kept at a minimum 
— you can set up one measuring point for as many as 
9 different monitoring tasks, including two free values, 
user defined measuring functions. You work with your 
familiar administrative machine data and simply instruct 
Condmaster®Nova to accept your name and number 
formats. 

The expert knowledge needed to evaluate machine 
condition is integrated in the program: a complete bearing 
catalogue, lubricant data, bearing life calculation, the 
SPM evaluation rules, the ISO limit values, mathematical 
models for spectrum analysis and fault symptom 
detection, and much more. 

You set measuring time and measuring sequence, select 
the values to be stored and define the alarm condition. Via 
relay connections, you can control external alarm devices 
and automatic shut down. 

You only activate the measuring functions you need, 
and automatically blank out all others. Thus, you can 
work exclusively with the CMS System, but you can also 
activate the functions for SPM data loggers and other 
hand-held devices. 

Is a perfect tool for efficient maintenance, for required 
input data, you get instructive menus, default values and 
on-line help texts. You have copy and edit functions to 
save time when you register machines and measuring 
points. 

The most powerful part is EVAM® — Evaluated Vibration 
Analysis Method. It is much more than the normal 
spectrum analysing product. In addition to 9 general 
condition parameters, you can select fault symptoms 
for special analysis and work with machine specific 
evaluation criteria. 
Low Resource PCs with FreeBSD 


FreeBSD is my pick for best modern operating system to use 
on older PCs. I can't believe how many used PCs end up as 
landfill while students, educators, low income families and 
others go without a computer at all. 


very own PC if some of those old machines that 
someone believes are no longer useful could 
be updated with a brand new operating system like 
FreeBSD. Also, if it runs well on older, low resource 
PCs, imagine how well it can do on a more high-powered 
machine. Why is FreeBSD my top choice for 
older machines? It ran the programs I needed more 
efficiently than Linux and other Open Source operating 
systems. It's an interesting path that brought me to 
FreeBSD. If you'd like to read more you can check my 
web site at http://www.distasis.com/cpp/slin.htm for 
further information. 
I had tried FreeBSD many years ago and the one 
reason I hadn't continued with it was that I could never 
get X Windows working. After trying several other Open 
Source operating systems, I didn't care if X Windows 
worked, I just wanted a fast, stable system. I checked 
the specifications and it looked like FreeBSD would 
load in 64 MB RAM which is what I have. Why not give it 
a try? It was fairly easy to get the basics up and running, 
but there are only so many command line, curses 
and slang based programs out there. I still wanted 
to run a few favorite GUI applications. I had heard 
about running programs like mplayer with Framebuffer 
Support in Linux. However, FreeBSD doesn't offer that 
ability. The closest equivalent I could find was kgi4BSD. 
I also found out SDL, svgalib and WxWidgets libraries 
all offer compilation options that avoid running on top of 
X Windows. 

SDL is supposed to run on top of VGL, svgalib or 
DirectFB as alternatives to X. GGI and Nano-X are also 
supposed to be alternatives to X Windows. I did my best 
to try to build alternate GUI libraries such as SDL with 
something other than X Windows, but I just couldn't get 
it to work. In the end, the only graphical program I was 
able to run via the command line was zgv which uses 
svgalib. I decided, once again, to have a go at getting 
X Windows to work. Armed with two copies of my 
xorg.conf files from previous Linux installations, I tried 
to generate a file that would get X Windows running 
on FreeBSD. It took me a day and a lot of looking up 
details in the forums as well as referring to those files to 
get X Windows finally working. I highly recommend the 
April 2010 BSD Magazine article X11 without dbus/hald 
and with three kings which illustrates some of the tips 
I needed to make my system work. 

Once I had X Windows, it was time to choose what 
to run on it. If you're using a low resource system with 
little memory and/or hard drive space, the programs 
you run can make or break your experience on the 
computer. Many people believe finding a lightweight 
window manager is one of the keys to making an 
older machine useable. If the window manager and 
desktop programs take up too much memory or other 
resources, you won't be able to get other programs to 
run efficiently. There are several window managers out 
there to choose from. I happen to like three: Fluxbox, 
Openbox and dwm. 

If you look at the source code for dwm, you'll see how 
compact it is. This is a great window manager for people 
who use the keyboard over a mouse or touchpad. If you 
have a background with C/C++ programming, you'll 
like the way you customize it. The settings are actually 
added as part of the code. You do need to recompile 
and link the program each time you modify settings. 
There are several examples of customizations for dwm 
available if you search the Internet. While I wouldn't want 
to use dwm with whatever settings it comes with, once 
customized, it can make an effective and efficient window 
manager. I tried to compare it to Fluxbox and Openbox 
based on how much memory they use. I ran conky for 
my measurements, but found that dwm doesn't seem 
to like conky and CPU usage goes up very high when 
both are running at once. If I run top to check memory 
usage, things look more normal. I also tried lxtask to 
check memory, but the FreeBSD package didn't appear 
to be working properly. I am hoping to try rebuilding it from 
source when I have more time. From my measurements, 
dwm uses the least memory of the three with Fluxbox 
coming next and then Openbox. 

Fluxbox and Openbox have a lot in common. They 
were both based on Blackbox. I saw an interesting 
thread on one of the forums that listed differences 
between the two. For me, there are 4 differences 
I notice when using them. Openbox developers try in 
general to use as many standards (such as XML) as 
possible. Openbox has even been completely rewritten 
from its original Blackbox fork. Both window managers 
store customizations in text files rather than needing 
you to compile the information with code like dwm 
requires. Openbox uses the XML format for its text files. 
XML is designed to make it easy for a program to parse, 
but to do so, the files must follow a strict format. My first 
impression was that it's easier to mess up the format 
with the Openbox XML settings files than it is to mess up 
the Fluxbox settings files. You can set up both Fluxbox 
and Openbox to switch between applications when you 
press a key combination such as alt-tab. I often use 
that feature on Windows. However, Openbox seems to 
do it more smoothly. It even brings up a dialog showing 
the applications you can switch between. I also noticed 
keyboard navigation of menus appears smoother to 
me in Openbox. The final difference is that Fluxbox 
appears to use 1 Meg of memory less than Openbox. 
That's despite the fact that it includes a taskbar and 
Openbox does not. If you're still not sure which window 
manager you want to run, a nice feature of both Fluxbox 
and Openbox is that you can call and switch to other 
window managers right from their menus. 

If you're going to use Fluxbox or Openbox, you'll 
want a helper program to draw the screen background 
or you'll start noticing some weird things going on 
when the screen is supposed to redraw. Both hsetroot 
and xsetroot are in ports and can be used with these 
window managers. I've also used feh with Fluxbox. As 
well as letting you set the background, it's a helpful, 
lightweight image viewer. Fluxbox's fbsetbg wrapper 
program can usually find feh if it's available. I've seen 
some posts on setting up Openbox to use feh, but I don't 
believe the support is as automatic as it can be with 
Fluxbox. You can make use of these types of programs 
to set and redraw backgrounds or background images 
with dwm as well as Fluxbox and Openbox. 

If you like a desktop environment, with extra programs 
to make things easier and themes to coordinate your 
application colors, there are tricks to accomplish it even 
on low memory systems. I found Fluxbox relatively easy 
to customize by editing the configuration files in a text 
editor. However, Openbox was a bit harder. You can 
download and use obconf to configure colors, themes and 
other basic settings. 

Dwm is strictly no frills and doesn't even include 
a menu. However, there's a lightweight program, dmenu, 
from the developers of dwm that does the trick and 
integrates well with dwm. You can also use it with other 
window managers. I didn't find a lot of documentation 
on dmenu, so if you want to try it out, be sure to 
check out the sample scripts that come with it. Once 
I experimented with it, I was able to create a cascading 
menu where I brought up a list of application categories 
and called dmenu again to show the applications in 
each category. 
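
A two-level dmenu launcher of the kind described above, as an added example (not the author's script). The MENU_TABLE entries, the MENU_CMD override and the function names are assumptions made for illustration; the selected label is looked up in the table, so text typed freely into dmenu is never executed as a command.

```shell
#!/bin/sh
# Cascading dmenu launcher: pick a category, then an application in it.
# Added example; table contents and names below are constructed.

# Constructed sample table, one entry per line: category|label|command
MENU_TABLE='Terminals|urxvt client|urxvtc -sl 2048 -sr
Graphics|feh|feh
Graphics|gpicview|gpicview
System|top|urxvtc -e top'

# Program that reads choices on stdin and prints the selected one.
# dmenu by default; overridable so the logic can be exercised without X.
MENU_CMD=${MENU_CMD:-dmenu}

# Print each category once.
list_categories() {
    printf '%s\n' "$MENU_TABLE" | cut -d'|' -f1 | sort -u
}

# Print the labels that belong to category $1.
list_apps() {
    printf '%s\n' "$MENU_TABLE" |
        awk -F'|' -v c="$1" '$1 == c { print $2 }'
}

# Print the command stored for category $1 and label $2, if any.
lookup_command() {
    printf '%s\n' "$MENU_TABLE" |
        awk -F'|' -v c="$1" -v l="$2" '$1 == c && $2 == l { print $3; exit }'
}

# Run both menu levels and print the command to launch.
# Fails if the user cancels or enters something not in the table.
choose_command() {
    category=$(list_categories | $MENU_CMD) || return 1
    [ -n "$category" ] || return 1
    label=$(list_apps "$category" | $MENU_CMD) || return 1
    cmd=$(lookup_command "$category" "$label")
    [ -n "$cmd" ] || return 1
    printf '%s\n' "$cmd"
}

# Start the chosen program in the background.
launch() {
    cmd=$(choose_command) || return 1
    set -f          # no filename expansion on the table entry
    $cmd &          # word splitting intended: entries are plain argv lists
    set +f
}

# Only open the menus when asked to, e.g. from a key binding: script --run
if [ "${1:-}" = "--run" ]; then
    launch
fi
```

Bind the script with the --run argument to a key in dwm, Fluxbox or Openbox; adding an application is one more line in MENU_TABLE.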

If you're switching from Fluxbox to Openbox and miss 
the taskbar, there are several standalone replacements. 
One I found useful and highly customizable was Tint 2. 
Personally, I don't miss the Fluxbox taskbar, but I do 
miss the clock feature that's part of the taskbar. Both 
Fluxbox and Openbox have several programs called 
dockable apps that run well with them. I sometimes use 
the wmfishtime dockable app as a clock replacement in 
my window manager. The FreeBSD port of wmfishtime 
uses GTK+ 1. With limited hard drive space, I do my 
best to cut down on the number of screen libraries 
I need to install on my system. If you check the Debian 
ports on the Internet, you'll find patches for wmfishtime 
that upgrade it to GTK+ 2 and add a digital clock 
feature I really like. 

I also wanted to mention LXDE, the Lightweight X11 
Desktop Environment. It uses Openbox, but provides 
several tools to help create the effect of an integrated 
desktop environment. LXDE is the lightest desktop I've 
been able to find. I haven't installed all of it, but I do use 
parts with Openbox and am able to run it all in 64 MB 
RAM. LXDE adds interesting programs like lxtask and 
gpicview. 

For those who mainly run GTK+ 2 based programs, 
you can color coordinate your applications and give them 
a similar look and feel. Programs like GTK+ 2.0 Change 
Theme (gtk-chtheme) make that task easy. I've used it to 
pick a color theme I like, such as Crux, and to set the font 
to a more readable size. 

It seems like I mainly use my window manager to 
navigate easily between all the terminal windows 
I have open. So naturally, choosing a lightweight terminal 
emulator was important to me. Most lightweight Linux 
distributions default to a program like rxvt over the more 
resource intensive xterm that's usually a default. I saw 
a couple of benchmarks documented on the Internet 
that seemed to back up that information and gave other 
alternatives as well. 

When I read that some terminal programs let you run 
multiple instances and share the same process to reduce 
memory and save resources, I decided that was the 
way I wanted to go. The drawback, of course, was that 
if one instance crashes, they all could. I had read that 
Sakura and lxterminal (another LXDE offering) which are 
VTE based terminal emulators had the type of features 
I wanted. However, I didn't have all the dependent 
libraries I needed on my system to get them going. So, 
I was pleasantly surprised when I found out urxvt also 
had this feature and, of course, it required fewer library 
dependencies. 

I run urxvtd -q -f -o & once from my ~/.xinitrc file 
when I start up X Windows. Then, any time I need a new 
terminal, I run urxvtc with various settings to customize 
colors, fonts and scrolling. I added the following entry to 
my window manager's menus: 


urxvtc -sl 2048 -bg grey95 -fg black -sr -fn 10x20 


You can find urxvt in FreeBSD ports if you look up 
rxvt-unicode. 

Since I use the console so often, I like to customize the 
colors. When I log in, I have a blue background and white 
font that's easier on the eyes than the default black and 
white. I've added the following commands to my .profile file: 

export COLOR="\[\033[0;37m\]\[\033[44m\]" 
export PS1=$COLOR"|\d \T@| \w | >" 


I usually have a blue background for my window 
manager as well, which makes it harder to see my 
terminal windows. Since bash is my default shell, I set 
the following in my ~/.bashrc file which is checked once 
every time bash is started: 

PS1="|\d \T\@| \w | >" 

That makes sure my urxvtc terminal session keeps the 
colors I asked for via the command line when I call it. If 
you're using a different shell program, set the environment 
variables in the appropriate settings files. If you want to 
change your shell to bash like I did, make sure your 
EDITOR environment variable is set to an easy to work 
with console editor like pico and run the chsh program to 
change the shell default. 

As I mentioned, I like to have several terminal windows 
open at once in my window manager. I also like to cut and 
paste between them and my programming editor. I thought 
cutting and pasting between Command prompts was a bit 
of a nuisance in Windows, but it is doable. It's even harder 
to cut and paste between terminals and other programs in 
X Windows. Applications may use the clipboard or a cut 
buffer. I still haven't figured out how to emulate the cut 
and paste keys I'm used to from Windows, but I can get 
my terminal emulator to work with my programming editor 
by using a program called autocutsel. I place autocutsel 
& in my window manager initialization file so that the 
program gets run once before startup and stays in the 
background. 

These are some of the more basic programs I use 
every day with FreeBSD. However, I've only scratched 
the surface on some of the great lightweight programs 
out there. 
Making the Unknown Giant Visible and Known 


FreeBSD has the moniker Unknown Giant. I confirm that 
it is true in my place. I have asked system administrators, 
computer enthusiasts, and hobbyists about FreeBSD and 
they didn't even know what I'm talking about. 


and Linux. I am not a fan of flame wars. I don't want to 
bash other operating systems, because on their own, 
they have their specialties, features, and weaknesses. 

I understand that it is hard to introduce the Unknown Giant 
to system administrators because they are accustomed to 
using the systems which they are familiar with. 

I know the slogan, FreeBSD: Quality vs. Quantity. With 
this, I helped the Unknown Giant become visible and 
known to some of my friends. Here is my story. 

I once visited an old friend of mine. He is a system 
administrator at a small organization near my area. His 
network services were provided by Windows servers. He 
has DHCP server, ISA server, Exchange server, and SQL 
Server running in his network. Curious, I asked him what his 
common problems were in administering his systems. He 
said, "Well, I'm happy the way my network runs and I don't get 
that much problems except for that Conficker thing." Conficker, 
also known as Win32/Conficker.B, is defined by the Microsoft 
Corporation as being a worm that infects other computers 
across a network by exploiting a vulnerability in the Windows 
Server service (SVCHOST.EXE). It adds that if the vulnerability 
is successfully exploited, it could allow remote code execution 
when file sharing is enabled. It also states that Conficker may 
also spread via removable drives and weak administrator 
passwords. And it explains that Conficker disables several 
important system services and security products [1]. He said 
that in the event of a Conficker spread, or other worms, he just 
restores his image backup and the system is up once again. 
Well, the main problem with that is the time it takes to restore 
the image, and of course, network downtime. While the server 
is being set up and configured, the DHCP and other services 
are down, and so networking is down also. 

So I told him that an operating system named FreeBSD 
could be installed in less than 20 minutes and run network 
services which are not platform specific such as DHCP 
service and does not require gigabytes of memory. He 
couldn't believe such a thing was possible since it took 
him hours to do a fresh install of a Windows server, and 
even some Linux distributions. At that point I said, "If you 
would let me, then I will demo it." He gave me an old AMD 
Athlon computer with 128MB of memory and watched 
me. I had the FreeBSD 8.0-RELEASE i386 disc 1 with 
me, and I started the installation. In less than 15 minutes, 
the base system was installed. After that, I downloaded 
and installed the package ISC DHCP 3.1 Server, edited 
the configuration file and connected it to his network. 
All in all, it took us 18 minutes to set up and run a DHCP 
server. 

He was amazed at what I accomplished in such 
a short time. From then on, he studied the FreeBSD 
operating system through the BSD handbook [2] 
(http://www.freebsd.org/doc/en/books/handbook/), read the 
BSD Magazine, and slowly migrated some servers to 
FreeBSD. He also spread the word to his friends who 
are system administrators as well, who are all willing to try 
FreeBSD. 

It is hard to advocate system administrators and 
computer users to use FreeBSD. But slowly, each one of 
us can do small things that will make the Unknown Giant 
visible and known without sacrificing quality over quantity 
and assist other users to understand their systems 
better. 


JOSHUA EBARVIA 
and college lecturer. His passion is working and using operating 
systems, especially UNIX-based and UNIX-cloned systems. You can 
reach him at joshua.ebarvia@gmail.com 
Tired of being able to choose from only chocolate, strawberry, 
or vanilla? At iXsystems, we understand your need for 
custom-made servers. 


“Open Source Hardware Design” is the iXsystems trademark. iXsystems provides an 
assortment of pre-configured servers and storage solutions, but our true pride rests on 
our ability to customize our products to meet your specific tastes and needs. iXsystems 
mixes in the raw power of Intel® Xeon® 5600/5500 Series Processors for a truly delicious 
treat. Our Professional Enterprise Service Level packages and desktop support offering 
also enables us to ensure you get the most from your FreeBSD® and PC-BSD™ systems, 
adding the perfect toppings to your order. 


Call iXsystems toll free or visit our website today! 
+1-800-820-BSDi | www.iXsystems.com 


Intel, the Intel logo, and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the U.S. and other countries. 